From 169b9ac03b9360276fbd5373a4c5b2e485842770 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Oct 30 2018 04:52:49 +0000 Subject: import qemu-kvm-1.5.3-160.el7 --- diff --git a/SOURCES/kvm-apic-drop-debugging.patch b/SOURCES/kvm-apic-drop-debugging.patch index e70d141..7707029 100644 --- a/SOURCES/kvm-apic-drop-debugging.patch +++ b/SOURCES/kvm-apic-drop-debugging.patch @@ -1,23 +1,13 @@ -From 4f34f153b4249624740401f2f65301932ff6898f Mon Sep 17 00:00:00 2001 -From: "Dr. David Alan Gilbert" -Date: Thu, 28 Jun 2018 17:57:09 +0200 -Subject: [PATCH 4/5] kvm/apic: drop debugging - -RH-Author: Dr. David Alan Gilbert -Message-id: <20180628175710.56848-5-dgilbert@redhat.com> -Patchwork-id: 81145 -O-Subject: [RHEL-7.5.z/RHEL-7.4.z/RHEL-7.3.z qemu-kvm PATCH 4/5] kvm/apic: drop debugging -Bugzilla: 1596302 -RH-Acked-by: Paolo Bonzini -RH-Acked-by: Laurent Vivier -RH-Acked-by: Michael S. Tsirkin - +From 483ad2c6110b2810cb409d871cb9b4214f01bfdb Mon Sep 17 00:00:00 2001 From: "Dr. David Alan Gilbert" +Date: Tue, 15 May 2018 11:56:33 +0200 +Subject: [PATCH 07/10] kvm/apic: drop debugging RH-Author: Dr. David Alan Gilbert Message-id: <20180515115634.24469-5-dgilbert@redhat.com> Patchwork-id: 80270 O-Subject: [RHEL-7.6 qemu-kvm PATCH v2 4/5] kvm/apic: drop debugging +Bugzilla: 1577680 RH-Acked-by: Paolo Bonzini RH-Acked-by: Michael S. Tsirkin RH-Acked-by: Eduardo Habkost @@ -35,9 +25,6 @@ Signed-off-by: Michael S. Tsirkin Signed-off-by: Eduardo Habkost (cherry picked from commit 1560fcfa96594f62cb2062f88e6785dda663529c) Signed-off-by: Miroslav Rezanina -(cherry picked from commit 483ad2c6110b2810cb409d871cb9b4214f01bfdb) -Signed-off-by: Dr. David Alan Gilbert -Signed-off-by: Miroslav Rezanina --- hw/i386/kvm/apic.c | 1 - 1 file changed, 1 deletion(-) diff --git a/SOURCES/kvm-apic-fix-2.2-2.1-migration.patch b/SOURCES/kvm-apic-fix-2.2-2.1-migration.patch index c048c32..cfc31dc 100644 --- a/SOURCES/kvm-apic-fix-2.2-2.1-migration.patch 
+++ b/SOURCES/kvm-apic-fix-2.2-2.1-migration.patch @@ -1,23 +1,13 @@ -From 8af398963fd14ea74210c0796b47b870b58ad497 Mon Sep 17 00:00:00 2001 -From: "Dr. David Alan Gilbert" -Date: Thu, 28 Jun 2018 17:57:07 +0200 -Subject: [PATCH 2/5] kvm/apic: fix 2.2->2.1 migration - -RH-Author: Dr. David Alan Gilbert -Message-id: <20180628175710.56848-3-dgilbert@redhat.com> -Patchwork-id: 81146 -O-Subject: [RHEL-7.5.z/RHEL-7.4.z/RHEL-7.3.z qemu-kvm PATCH 2/5] kvm/apic: fix 2.2->2.1 migration -Bugzilla: 1596302 -RH-Acked-by: Paolo Bonzini -RH-Acked-by: Laurent Vivier -RH-Acked-by: Michael S. Tsirkin - +From 9001bf38b596c0eb50daa52181ec6b4cf56cfb94 Mon Sep 17 00:00:00 2001 From: "Dr. David Alan Gilbert" +Date: Tue, 15 May 2018 11:56:31 +0200 +Subject: [PATCH 05/10] kvm/apic: fix 2.2->2.1 migration RH-Author: Dr. David Alan Gilbert Message-id: <20180515115634.24469-3-dgilbert@redhat.com> Patchwork-id: 80269 O-Subject: [RHEL-7.6 qemu-kvm PATCH v2 2/5] kvm/apic: fix 2.2->2.1 migration +Bugzilla: 1577680 RH-Acked-by: Paolo Bonzini RH-Acked-by: Michael S. Tsirkin RH-Acked-by: Eduardo Habkost @@ -37,9 +27,6 @@ Signed-off-by: Paolo Bonzini currently have the wait_for_sipi change in the kvm code. Signed-off-by: Miroslav Rezanina -(cherry picked from commit 9001bf38b596c0eb50daa52181ec6b4cf56cfb94) -Signed-off-by: Dr. David Alan Gilbert -Signed-off-by: Miroslav Rezanina --- hw/i386/kvm/apic.c | 6 ++++++ hw/intc/apic_common.c | 5 +++++ diff --git a/SOURCES/kvm-apic-set-APIC-base-as-part-of-kvm_apic_put.patch b/SOURCES/kvm-apic-set-APIC-base-as-part-of-kvm_apic_put.patch index f191938..913ed63 100644 --- a/SOURCES/kvm-apic-set-APIC-base-as-part-of-kvm_apic_put.patch +++ b/SOURCES/kvm-apic-set-APIC-base-as-part-of-kvm_apic_put.patch 
@@ -1,23 +1,13 @@ -From 62a4c6bf428aaf562fb4b4ebfac22486be7b8ab8 Mon Sep 17 00:00:00 2001 -From: "Dr. David Alan Gilbert" -Date: Thu, 28 Jun 2018 17:57:10 +0200 -Subject: [PATCH 5/5] kvm: apic: set APIC base as part of kvm_apic_put - -RH-Author: Dr. David Alan Gilbert -Message-id: <20180628175710.56848-6-dgilbert@redhat.com> -Patchwork-id: 81148 -O-Subject: [RHEL-7.5.z/RHEL-7.4.z/RHEL-7.3.z qemu-kvm PATCH 5/5] kvm: apic: set APIC base as part of kvm_apic_put -Bugzilla: 1596302 -RH-Acked-by: Paolo Bonzini -RH-Acked-by: Laurent Vivier -RH-Acked-by: Michael S. Tsirkin - +From 4142f7546da561898f15169f6e8085167601e878 Mon Sep 17 00:00:00 2001 From: "Dr. David Alan Gilbert" +Date: Tue, 15 May 2018 11:56:34 +0200 +Subject: [PATCH 08/10] kvm: apic: set APIC base as part of kvm_apic_put RH-Author: Dr. David Alan Gilbert Message-id: <20180515115634.24469-6-dgilbert@redhat.com> Patchwork-id: 80271 O-Subject: [RHEL-7.6 qemu-kvm PATCH v2 5/5] kvm: apic: set APIC base as part of kvm_apic_put +Bugzilla: 1577680 RH-Acked-by: Paolo Bonzini RH-Acked-by: Michael S. Tsirkin RH-Acked-by: Eduardo Habkost @@ -43,8 +33,6 @@ Signed-off-by: Dr. David Alan Gilbert Signed-off-by: Paolo Bonzini (cherry picked from commit f8d9ccf8d5f9f4b7d364100871c4c7303b546de5) Signed-off-by: Miroslav Rezanina -(cherry picked from commit 4142f7546da561898f15169f6e8085167601e878) -Signed-off-by: Miroslav Rezanina --- hw/i386/kvm/apic.c | 2 ++ target-i386/kvm.c | 8 ++++++++ @@ -72,10 +60,10 @@ index d47d8da..77d2999 100644 ret = kvm_vcpu_ioctl(CPU(s->cpu), KVM_SET_LAPIC, &kapic); diff --git a/target-i386/kvm.c b/target-i386/kvm.c -index 1658621..35a9cf4 100644 +index 71f1573..a1a49d8 100644 --- a/target-i386/kvm.c +++ b/target-i386/kvm.c -@@ -1157,6 +1157,14 @@ static int kvm_put_one_msr(X86CPU *cpu, int index, uint64_t value) +@@ -1152,6 +1152,14 @@ static int kvm_put_one_msr(X86CPU *cpu, int index, uint64_t value) return kvm_vcpu_ioctl(CPU(cpu), KVM_SET_MSRS, &msr_data); } 
diff --git a/SOURCES/kvm-console-minimal-hotplug-suport.patch b/SOURCES/kvm-console-minimal-hotplug-suport.patch new file mode 100644 index 0000000..4f19619 --- /dev/null +++ b/SOURCES/kvm-console-minimal-hotplug-suport.patch 
@@ -0,0 +1,194 @@ +From 8d537fb77d744265a23b0eda33da269ed672e549 Mon Sep 17 00:00:00 2001 +From: Tarun Gupta +Date: Wed, 20 Jun 2018 18:54:19 +0200 +Subject: [PATCH 11/17] console: minimal hotplug suport + +RH-Author: Tarun Gupta +Message-id: <1529520865-18127-6-git-send-email-tgupta@redhat.com> +Patchwork-id: 80914 +O-Subject: [RHEL7.6 qemu-kvm PATCH v3 05/11] console: minimal hotplug suport +Bugzilla: 1555246 +RH-Acked-by: Alex Williamson +RH-Acked-by: Gerd Hoffmann +RH-Acked-by: Miroslav Rezanina + +This patch allows to unbind devices from QemuConsoles, using the new +graphic_console_close() function. The QemuConsole will show a static +display then, saying the device was unplugged. When re-plugging a +display later on the QemuConsole will be reused. + +Eventually we will allocate and release QemuConsoles dynamically at some +point in the future, that'll need more infrastructure though to notify +user interfaces (gtk, sdl, spice, ...) about QemuConsoles coming and +going. + +Signed-off-by: Gerd Hoffmann +Signed-off-by: Alex Williamson + +(cherry picked from 9588d67e72f853349dbb318503368ad01b12feb6) + +Signed-off-by: Miroslav Rezanina + +Conflicts: + qemu-kvm does not have ui/trace-events, so adding traces in + trace_events. + + qemu-kvm does not have graphic_console_set_hwops() function, + so manually setting the ops. 
+--- + include/ui/console.h | 3 ++- + trace-events | 2 ++ + ui/console.c | 75 ++++++++++++++++++++++++++++++++++++++++++++++++---- + 3 files changed, 74 insertions(+), 6 deletions(-) + +diff --git a/include/ui/console.h b/include/ui/console.h +index 7f5fa66..e23f809 100644 +--- a/include/ui/console.h ++++ b/include/ui/console.h +@@ -275,13 +275,14 @@ typedef struct GraphicHwOps { + QemuConsole *graphic_console_init(DeviceState *dev, + const GraphicHwOps *ops, + void *opaque); +- ++void graphic_console_close(QemuConsole *con); + void graphic_hw_update(QemuConsole *con); + void graphic_hw_invalidate(QemuConsole *con); + void graphic_hw_text_update(QemuConsole *con, console_ch_t *chardata); + + QemuConsole *qemu_console_lookup_by_index(unsigned int index); + QemuConsole *qemu_console_lookup_by_device(DeviceState *dev); ++QemuConsole *qemu_console_lookup_unused(void); + bool qemu_console_is_visible(QemuConsole *con); + bool qemu_console_is_graphic(QemuConsole *con); + bool qemu_console_is_fixedsize(QemuConsole *con); +diff --git a/trace-events b/trace-events +index 8c3ce0c..7b7aad1 100644 +--- a/trace-events ++++ b/trace-events +@@ -994,6 +994,8 @@ dma_map_wait(void *dbs) "dbs=%p" + + # ui/console.c + console_gfx_new(void) "" ++console_gfx_reuse(int index) "%d" ++console_gfx_close(int index) "%d" + console_txt_new(int w, int h) "%dx%d" + console_select(int nr) "%d" + console_refresh(int interval) "interval %d ms" +diff --git a/ui/console.c b/ui/console.c +index c14a0bc..cc319a9 100644 +--- a/ui/console.c ++++ b/ui/console.c +@@ -1246,11 +1246,16 @@ static QemuConsole *new_console(DisplayState *ds, console_type_t console_type) + } + s->ds = ds; + s->console_type = console_type; +- if (console_type != GRAPHIC_CONSOLE) { ++ if (console_type != GRAPHIC_CONSOLE || qdev_hotplug) { + s->index = nb_consoles; + consoles[nb_consoles++] = s; + } else { +- /* HACK: Put graphical consoles before text consoles. */ ++ /* ++ * HACK: Put graphical consoles before text consoles. 
++ * ++ * Only do that for coldplugged devices. After initial device ++ * initialization we will not renumber the consoles any more. ++ */ + for (i = nb_consoles; i > 0; i--) { + if (consoles[i - 1]->console_type == GRAPHIC_CONSOLE) + break; +@@ -1610,21 +1615,59 @@ QemuConsole *graphic_console_init(DeviceState *dev, + int height = 480; + QemuConsole *s; + DisplayState *ds; ++ DisplaySurface *surface; + + ds = get_alloc_displaystate(); +- trace_console_gfx_new(); +- s = new_console(ds, GRAPHIC_CONSOLE); ++ s = qemu_console_lookup_unused(); ++ if (s) { ++ trace_console_gfx_reuse(s->index); ++ if (s->surface) { ++ width = surface_width(s->surface); ++ height = surface_height(s->surface); ++ } ++ } else { ++ trace_console_gfx_new(); ++ s = new_console(ds, GRAPHIC_CONSOLE); ++ } ++ + s->hw_ops = hw_ops; + s->hw = opaque; ++ + if (dev) { + object_property_set_link(OBJECT(s), OBJECT(dev), + "device", &local_err); + } + +- s->surface = qemu_create_message_surface(width, height, noinit); ++ surface = qemu_create_message_surface(width, height, noinit); ++ dpy_gfx_replace_surface(s, surface); + return s; + } + ++static const GraphicHwOps unused_ops = { ++ /* no callbacks */ ++}; ++ ++void graphic_console_close(QemuConsole *con) ++{ ++ DisplaySurface *surface; ++ int width = 640; ++ int height = 480; ++ ++ if (con->surface) { ++ width = surface_width(con->surface); ++ height = surface_height(con->surface); ++ } ++ ++ trace_console_gfx_close(con->index); ++ object_property_set_link(OBJECT(con), NULL, "device", &error_abort); ++ ++ con->hw_ops = &unused_ops; ++ con->hw = NULL; ++ ++ surface = qemu_create_displaysurface(width, height); ++ dpy_gfx_replace_surface(con, surface); ++} ++ + QemuConsole *qemu_console_lookup_by_index(unsigned int index) + { + if (index >= MAX_CONSOLES) { +@@ -1652,6 +1695,28 @@ QemuConsole *qemu_console_lookup_by_device(DeviceState *dev) + return NULL; + } + ++QemuConsole *qemu_console_lookup_unused(void) ++{ ++ Object *obj; ++ int i; ++ ++ for (i = 0; 
i < nb_consoles; i++) { ++ if (!consoles[i]) { ++ continue; ++ } ++ if (consoles[i]->hw_ops != &unused_ops) { ++ continue; ++ } ++ obj = object_property_get_link(OBJECT(consoles[i]), ++ "device", &error_abort); ++ if (obj != NULL) { ++ continue; ++ } ++ return consoles[i]; ++ } ++ return NULL; ++} ++ + bool qemu_console_is_visible(QemuConsole *con) + { + return (con == active_console) || (con->dcls > 0); +-- +1.8.3.1 + diff --git a/SOURCES/kvm-console-nicer-initial-screen.patch b/SOURCES/kvm-console-nicer-initial-screen.patch new file mode 100644 index 0000000..478e300 --- /dev/null +++ b/SOURCES/kvm-console-nicer-initial-screen.patch 
@@ -0,0 +1,102 @@ +From 7d82cea3c5aa7abc7942eb63c9ce232e10084bd5 Mon Sep 17 00:00:00 2001 +From: Tarun Gupta +Date: Wed, 20 Jun 2018 18:54:18 +0200 +Subject: [PATCH 10/17] console: nicer initial screen + +RH-Author: Tarun Gupta +Message-id: <1529520865-18127-5-git-send-email-tgupta@redhat.com> +Patchwork-id: 80915 +O-Subject: [RHEL7.6 qemu-kvm PATCH v3 04/11] console: nicer initial screen +Bugzilla: 1555246 +RH-Acked-by: Alex Williamson +RH-Acked-by: Gerd Hoffmann +RH-Acked-by: Miroslav Rezanina + +Now that we have a function to create a fancy DisplaySurface with a +message for the user, to handle non-existing graphics hardware, we +can make it more generic and use it for other things too. + +This patch adds a text line to the in initial DisplaySurface, +notifying the user that the display isn't initialized yet by the guest. + +You can see this in action when starting qemu with '-S'. Also when +booting ovmf in qemu (which needs a few moments to initialize itself +before it initializes the vga). 
+ +Signed-off-by: Gerd Hoffmann + +(cherry picked from 521a580d2352ad30086babcabb91e6338e47cf62) + +Signed-off-by: Miroslav Rezanina +--- + ui/console.c | 19 +++++++++++-------- + 1 file changed, 11 insertions(+), 8 deletions(-) + +diff --git a/ui/console.c b/ui/console.c +index fb08ec0..c14a0bc 100644 +--- a/ui/console.c ++++ b/ui/console.c +@@ -1323,19 +1323,18 @@ DisplaySurface *qemu_create_displaysurface_from(int width, int height, int bpp, + return surface; + } + +-static DisplaySurface *qemu_create_dummy_surface(void) ++static DisplaySurface *qemu_create_message_surface(int w, int h, ++ const char *msg) + { +- static const char msg[] = +- "This VM has no graphic display device."; +- DisplaySurface *surface = qemu_create_displaysurface(640, 480); ++ DisplaySurface *surface = qemu_create_displaysurface(w, h); + pixman_color_t bg = color_table_rgb[0][COLOR_BLACK]; + pixman_color_t fg = color_table_rgb[0][COLOR_WHITE]; + pixman_image_t *glyph; + int len, x, y, i; + + len = strlen(msg); +- x = (640/FONT_WIDTH - len) / 2; +- y = (480/FONT_HEIGHT - 1) / 2; ++ x = (w/FONT_WIDTH - len) / 2; ++ y = (h/FONT_HEIGHT - 1) / 2; + for (i = 0; i < len; i++) { + glyph = qemu_pixman_glyph_from_vgafont(FONT_HEIGHT, vgafont16, msg[i]); + qemu_pixman_glyph_render(glyph, surface->image, &fg, &bg, +@@ -1357,6 +1356,8 @@ void qemu_free_displaysurface(DisplaySurface *surface) + + void register_displaychangelistener(DisplayChangeListener *dcl) + { ++ static const char nodev[] = ++ "This VM has no graphic display device."; + static DisplaySurface *dummy; + QemuConsole *con; + +@@ -1375,7 +1376,7 @@ void register_displaychangelistener(DisplayChangeListener *dcl) + dcl->ops->dpy_gfx_switch(dcl, con->surface); + } else { + if (!dummy) { +- dummy = qemu_create_dummy_surface(); ++ dummy = qemu_create_message_surface(640, 480, nodev); + } + dcl->ops->dpy_gfx_switch(dcl, dummy); + } +@@ -1602,6 +1603,8 @@ QemuConsole *graphic_console_init(DeviceState *dev, + const GraphicHwOps *hw_ops, + void 
*opaque) + { ++ static const char noinit[] = ++ "Guest has not initialized the display (yet)."; + Error *local_err = NULL; + int width = 640; + int height = 480; +@@ -1618,7 +1621,7 @@ QemuConsole *graphic_console_init(DeviceState *dev, + "device", &local_err); + } + +- s->surface = qemu_create_displaysurface(width, height); ++ s->surface = qemu_create_message_surface(width, height, noinit); + return s; + } + +-- +1.8.3.1 + diff --git a/SOURCES/kvm-headers-add-drm_fourcc.h.patch b/SOURCES/kvm-headers-add-drm_fourcc.h.patch new file mode 100644 index 0000000..0473c21 --- /dev/null +++ b/SOURCES/kvm-headers-add-drm_fourcc.h.patch 
@@ -0,0 +1,450 @@ +From c1da33afa02ed4978c34f16ec56d60dbfa5ac2c0 Mon Sep 17 00:00:00 2001 +From: Tarun Gupta +Date: Wed, 20 Jun 2018 18:54:15 +0200 +Subject: [PATCH 07/17] headers: add drm_fourcc.h + +RH-Author: Tarun Gupta +Message-id: <1529520865-18127-2-git-send-email-tgupta@redhat.com> +Patchwork-id: 80909 +O-Subject: [RHEL7.6 qemu-kvm PATCH v3 01/11] headers: add drm_fourcc.h +Bugzilla: 1555246 +RH-Acked-by: Alex Williamson +RH-Acked-by: Gerd Hoffmann +RH-Acked-by: Miroslav Rezanina + +So we can use the drm fourcc codes without a dependency on libdrm-devel. + +Signed-off-by: Gerd Hoffmann +Signed-off-by: Alex Williamson + +(cherry picked from 8e8ee8509a0d2d5a65d7533e6e9179b6f3b0a0d4) + +Conflict: qemu-kvm does not have the standard-headers directory. +So, adding the drm_fourcc.h in include/ directory. + +Signed-off-by: Miroslav Rezanina +--- + include/drm_fourcc.h | 411 +++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 411 insertions(+) + create mode 100644 include/drm_fourcc.h + +diff --git a/include/drm_fourcc.h b/include/drm_fourcc.h +new file mode 100644 +index 0000000..11912fd +--- /dev/null ++++ b/include/drm_fourcc.h +@@ -0,0 +1,411 @@ ++/* ++ * Copyright 2011 Intel Corporation ++ * ++ * Permission is hereby granted, free of charge, to any person obtaining a ++ * copy of this software and associated documentation files (the "Software"), ++ * to deal in the Software without restriction, including without limitation ++ * the rights to use, copy, modify, merge, publish, distribute, sublicense, ++ * and/or sell copies of the Software, and to permit persons to whom the ++ * Software is furnished to do so, subject to the following conditions: ++ * ++ * The above copyright notice and this permission notice (including the next ++ * paragraph) shall be included in all copies or substantial portions of the ++ * Software. 
++ * ++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, ++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL ++ * VA LINUX SYSTEMS AND/OR ITS SUPPLIERS BE LIABLE FOR ANY CLAIM, DAMAGES OR ++ * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ++ * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR ++ * OTHER DEALINGS IN THE SOFTWARE. ++ */ ++ ++#ifndef DRM_FOURCC_H ++#define DRM_FOURCC_H ++ ++ ++#if defined(__cplusplus) ++extern "C" { ++#endif ++ ++#define fourcc_code(a, b, c, d) ((uint32_t)(a) | ((uint32_t)(b) << 8) | \ ++ ((uint32_t)(c) << 16) | ((uint32_t)(d) << 24)) ++ ++#define DRM_FORMAT_BIG_ENDIAN (1<<31) /* format is big endian instead of little endian */ ++ ++/* color index */ ++#define DRM_FORMAT_C8 fourcc_code('C', '8', ' ', ' ') /* [7:0] C */ ++ ++/* 8 bpp Red */ ++#define DRM_FORMAT_R8 fourcc_code('R', '8', ' ', ' ') /* [7:0] R */ ++ ++/* 16 bpp Red */ ++#define DRM_FORMAT_R16 fourcc_code('R', '1', '6', ' ') /* [15:0] R little endian */ ++ ++/* 16 bpp RG */ ++#define DRM_FORMAT_RG88 fourcc_code('R', 'G', '8', '8') /* [15:0] R:G 8:8 little endian */ ++#define DRM_FORMAT_GR88 fourcc_code('G', 'R', '8', '8') /* [15:0] G:R 8:8 little endian */ ++ ++/* 32 bpp RG */ ++#define DRM_FORMAT_RG1616 fourcc_code('R', 'G', '3', '2') /* [31:0] R:G 16:16 little endian */ ++#define DRM_FORMAT_GR1616 fourcc_code('G', 'R', '3', '2') /* [31:0] G:R 16:16 little endian */ ++ ++/* 8 bpp RGB */ ++#define DRM_FORMAT_RGB332 fourcc_code('R', 'G', 'B', '8') /* [7:0] R:G:B 3:3:2 */ ++#define DRM_FORMAT_BGR233 fourcc_code('B', 'G', 'R', '8') /* [7:0] B:G:R 2:3:3 */ ++ ++/* 16 bpp RGB */ ++#define DRM_FORMAT_XRGB4444 fourcc_code('X', 'R', '1', '2') /* [15:0] x:R:G:B 4:4:4:4 little endian */ ++#define DRM_FORMAT_XBGR4444 fourcc_code('X', 'B', '1', '2') /* [15:0] x:B:G:R 4:4:4:4 little endian */ ++#define 
DRM_FORMAT_RGBX4444 fourcc_code('R', 'X', '1', '2') /* [15:0] R:G:B:x 4:4:4:4 little endian */ ++#define DRM_FORMAT_BGRX4444 fourcc_code('B', 'X', '1', '2') /* [15:0] B:G:R:x 4:4:4:4 little endian */ ++ ++#define DRM_FORMAT_ARGB4444 fourcc_code('A', 'R', '1', '2') /* [15:0] A:R:G:B 4:4:4:4 little endian */ ++#define DRM_FORMAT_ABGR4444 fourcc_code('A', 'B', '1', '2') /* [15:0] A:B:G:R 4:4:4:4 little endian */ ++#define DRM_FORMAT_RGBA4444 fourcc_code('R', 'A', '1', '2') /* [15:0] R:G:B:A 4:4:4:4 little endian */ ++#define DRM_FORMAT_BGRA4444 fourcc_code('B', 'A', '1', '2') /* [15:0] B:G:R:A 4:4:4:4 little endian */ ++ ++#define DRM_FORMAT_XRGB1555 fourcc_code('X', 'R', '1', '5') /* [15:0] x:R:G:B 1:5:5:5 little endian */ ++#define DRM_FORMAT_XBGR1555 fourcc_code('X', 'B', '1', '5') /* [15:0] x:B:G:R 1:5:5:5 little endian */ ++#define DRM_FORMAT_RGBX5551 fourcc_code('R', 'X', '1', '5') /* [15:0] R:G:B:x 5:5:5:1 little endian */ ++#define DRM_FORMAT_BGRX5551 fourcc_code('B', 'X', '1', '5') /* [15:0] B:G:R:x 5:5:5:1 little endian */ ++ ++#define DRM_FORMAT_ARGB1555 fourcc_code('A', 'R', '1', '5') /* [15:0] A:R:G:B 1:5:5:5 little endian */ ++#define DRM_FORMAT_ABGR1555 fourcc_code('A', 'B', '1', '5') /* [15:0] A:B:G:R 1:5:5:5 little endian */ ++#define DRM_FORMAT_RGBA5551 fourcc_code('R', 'A', '1', '5') /* [15:0] R:G:B:A 5:5:5:1 little endian */ ++#define DRM_FORMAT_BGRA5551 fourcc_code('B', 'A', '1', '5') /* [15:0] B:G:R:A 5:5:5:1 little endian */ ++ ++#define DRM_FORMAT_RGB565 fourcc_code('R', 'G', '1', '6') /* [15:0] R:G:B 5:6:5 little endian */ ++#define DRM_FORMAT_BGR565 fourcc_code('B', 'G', '1', '6') /* [15:0] B:G:R 5:6:5 little endian */ ++ ++/* 24 bpp RGB */ ++#define DRM_FORMAT_RGB888 fourcc_code('R', 'G', '2', '4') /* [23:0] R:G:B little endian */ ++#define DRM_FORMAT_BGR888 fourcc_code('B', 'G', '2', '4') /* [23:0] B:G:R little endian */ ++ ++/* 32 bpp RGB */ ++#define DRM_FORMAT_XRGB8888 fourcc_code('X', 'R', '2', '4') /* [31:0] x:R:G:B 8:8:8:8 little 
endian */ ++#define DRM_FORMAT_XBGR8888 fourcc_code('X', 'B', '2', '4') /* [31:0] x:B:G:R 8:8:8:8 little endian */ ++#define DRM_FORMAT_RGBX8888 fourcc_code('R', 'X', '2', '4') /* [31:0] R:G:B:x 8:8:8:8 little endian */ ++#define DRM_FORMAT_BGRX8888 fourcc_code('B', 'X', '2', '4') /* [31:0] B:G:R:x 8:8:8:8 little endian */ ++ ++#define DRM_FORMAT_ARGB8888 fourcc_code('A', 'R', '2', '4') /* [31:0] A:R:G:B 8:8:8:8 little endian */ ++#define DRM_FORMAT_ABGR8888 fourcc_code('A', 'B', '2', '4') /* [31:0] A:B:G:R 8:8:8:8 little endian */ ++#define DRM_FORMAT_RGBA8888 fourcc_code('R', 'A', '2', '4') /* [31:0] R:G:B:A 8:8:8:8 little endian */ ++#define DRM_FORMAT_BGRA8888 fourcc_code('B', 'A', '2', '4') /* [31:0] B:G:R:A 8:8:8:8 little endian */ ++ ++#define DRM_FORMAT_XRGB2101010 fourcc_code('X', 'R', '3', '0') /* [31:0] x:R:G:B 2:10:10:10 little endian */ ++#define DRM_FORMAT_XBGR2101010 fourcc_code('X', 'B', '3', '0') /* [31:0] x:B:G:R 2:10:10:10 little endian */ ++#define DRM_FORMAT_RGBX1010102 fourcc_code('R', 'X', '3', '0') /* [31:0] R:G:B:x 10:10:10:2 little endian */ ++#define DRM_FORMAT_BGRX1010102 fourcc_code('B', 'X', '3', '0') /* [31:0] B:G:R:x 10:10:10:2 little endian */ ++ ++#define DRM_FORMAT_ARGB2101010 fourcc_code('A', 'R', '3', '0') /* [31:0] A:R:G:B 2:10:10:10 little endian */ ++#define DRM_FORMAT_ABGR2101010 fourcc_code('A', 'B', '3', '0') /* [31:0] A:B:G:R 2:10:10:10 little endian */ ++#define DRM_FORMAT_RGBA1010102 fourcc_code('R', 'A', '3', '0') /* [31:0] R:G:B:A 10:10:10:2 little endian */ ++#define DRM_FORMAT_BGRA1010102 fourcc_code('B', 'A', '3', '0') /* [31:0] B:G:R:A 10:10:10:2 little endian */ ++ ++/* packed YCbCr */ ++#define DRM_FORMAT_YUYV fourcc_code('Y', 'U', 'Y', 'V') /* [31:0] Cr0:Y1:Cb0:Y0 8:8:8:8 little endian */ ++#define DRM_FORMAT_YVYU fourcc_code('Y', 'V', 'Y', 'U') /* [31:0] Cb0:Y1:Cr0:Y0 8:8:8:8 little endian */ ++#define DRM_FORMAT_UYVY fourcc_code('U', 'Y', 'V', 'Y') /* [31:0] Y1:Cr0:Y0:Cb0 8:8:8:8 little endian */ ++#define 
DRM_FORMAT_VYUY fourcc_code('V', 'Y', 'U', 'Y') /* [31:0] Y1:Cb0:Y0:Cr0 8:8:8:8 little endian */ ++ ++#define DRM_FORMAT_AYUV fourcc_code('A', 'Y', 'U', 'V') /* [31:0] A:Y:Cb:Cr 8:8:8:8 little endian */ ++ ++/* ++ * 2 plane RGB + A ++ * index 0 = RGB plane, same format as the corresponding non _A8 format has ++ * index 1 = A plane, [7:0] A ++ */ ++#define DRM_FORMAT_XRGB8888_A8 fourcc_code('X', 'R', 'A', '8') ++#define DRM_FORMAT_XBGR8888_A8 fourcc_code('X', 'B', 'A', '8') ++#define DRM_FORMAT_RGBX8888_A8 fourcc_code('R', 'X', 'A', '8') ++#define DRM_FORMAT_BGRX8888_A8 fourcc_code('B', 'X', 'A', '8') ++#define DRM_FORMAT_RGB888_A8 fourcc_code('R', '8', 'A', '8') ++#define DRM_FORMAT_BGR888_A8 fourcc_code('B', '8', 'A', '8') ++#define DRM_FORMAT_RGB565_A8 fourcc_code('R', '5', 'A', '8') ++#define DRM_FORMAT_BGR565_A8 fourcc_code('B', '5', 'A', '8') ++ ++/* ++ * 2 plane YCbCr ++ * index 0 = Y plane, [7:0] Y ++ * index 1 = Cr:Cb plane, [15:0] Cr:Cb little endian ++ * or ++ * index 1 = Cb:Cr plane, [15:0] Cb:Cr little endian ++ */ ++#define DRM_FORMAT_NV12 fourcc_code('N', 'V', '1', '2') /* 2x2 subsampled Cr:Cb plane */ ++#define DRM_FORMAT_NV21 fourcc_code('N', 'V', '2', '1') /* 2x2 subsampled Cb:Cr plane */ ++#define DRM_FORMAT_NV16 fourcc_code('N', 'V', '1', '6') /* 2x1 subsampled Cr:Cb plane */ ++#define DRM_FORMAT_NV61 fourcc_code('N', 'V', '6', '1') /* 2x1 subsampled Cb:Cr plane */ ++#define DRM_FORMAT_NV24 fourcc_code('N', 'V', '2', '4') /* non-subsampled Cr:Cb plane */ ++#define DRM_FORMAT_NV42 fourcc_code('N', 'V', '4', '2') /* non-subsampled Cb:Cr plane */ ++ ++/* ++ * 3 plane YCbCr ++ * index 0: Y plane, [7:0] Y ++ * index 1: Cb plane, [7:0] Cb ++ * index 2: Cr plane, [7:0] Cr ++ * or ++ * index 1: Cr plane, [7:0] Cr ++ * index 2: Cb plane, [7:0] Cb ++ */ ++#define DRM_FORMAT_YUV410 fourcc_code('Y', 'U', 'V', '9') /* 4x4 subsampled Cb (1) and Cr (2) planes */ ++#define DRM_FORMAT_YVU410 fourcc_code('Y', 'V', 'U', '9') /* 4x4 subsampled Cr (1) and Cb (2) 
planes */ ++#define DRM_FORMAT_YUV411 fourcc_code('Y', 'U', '1', '1') /* 4x1 subsampled Cb (1) and Cr (2) planes */ ++#define DRM_FORMAT_YVU411 fourcc_code('Y', 'V', '1', '1') /* 4x1 subsampled Cr (1) and Cb (2) planes */ ++#define DRM_FORMAT_YUV420 fourcc_code('Y', 'U', '1', '2') /* 2x2 subsampled Cb (1) and Cr (2) planes */ ++#define DRM_FORMAT_YVU420 fourcc_code('Y', 'V', '1', '2') /* 2x2 subsampled Cr (1) and Cb (2) planes */ ++#define DRM_FORMAT_YUV422 fourcc_code('Y', 'U', '1', '6') /* 2x1 subsampled Cb (1) and Cr (2) planes */ ++#define DRM_FORMAT_YVU422 fourcc_code('Y', 'V', '1', '6') /* 2x1 subsampled Cr (1) and Cb (2) planes */ ++#define DRM_FORMAT_YUV444 fourcc_code('Y', 'U', '2', '4') /* non-subsampled Cb (1) and Cr (2) planes */ ++#define DRM_FORMAT_YVU444 fourcc_code('Y', 'V', '2', '4') /* non-subsampled Cr (1) and Cb (2) planes */ ++ ++ ++/* ++ * Format Modifiers: ++ * ++ * Format modifiers describe, typically, a re-ordering or modification ++ * of the data in a plane of an FB. This can be used to express tiled/ ++ * swizzled formats, or compression, or a combination of the two. ++ * ++ * The upper 8 bits of the format modifier are a vendor-id as assigned ++ * below. The lower 56 bits are assigned as vendor sees fit. 
++ */ ++ ++/* Vendor Ids: */ ++#define DRM_FORMAT_MOD_NONE 0 ++#define DRM_FORMAT_MOD_VENDOR_NONE 0 ++#define DRM_FORMAT_MOD_VENDOR_INTEL 0x01 ++#define DRM_FORMAT_MOD_VENDOR_AMD 0x02 ++#define DRM_FORMAT_MOD_VENDOR_NVIDIA 0x03 ++#define DRM_FORMAT_MOD_VENDOR_SAMSUNG 0x04 ++#define DRM_FORMAT_MOD_VENDOR_QCOM 0x05 ++#define DRM_FORMAT_MOD_VENDOR_VIVANTE 0x06 ++#define DRM_FORMAT_MOD_VENDOR_BROADCOM 0x07 ++/* add more to the end as needed */ ++ ++#define DRM_FORMAT_RESERVED ((1ULL << 56) - 1) ++ ++#define fourcc_mod_code(vendor, val) \ ++ ((((uint64_t)DRM_FORMAT_MOD_VENDOR_## vendor) << 56) | ((val) & 0x00ffffffffffffffULL)) ++ ++/* ++ * Format Modifier tokens: ++ * ++ * When adding a new token please document the layout with a code comment, ++ * similar to the fourcc codes above. drm_fourcc.h is considered the ++ * authoritative source for all of these. ++ */ ++ ++/* ++ * Invalid Modifier ++ * ++ * This modifier can be used as a sentinel to terminate the format modifiers ++ * list, or to initialize a variable with an invalid modifier. It might also be ++ * used to report an error back to userspace for certain APIs. ++ */ ++#define DRM_FORMAT_MOD_INVALID fourcc_mod_code(NONE, DRM_FORMAT_RESERVED) ++ ++/* ++ * Linear Layout ++ * ++ * Just plain linear layout. Note that this is different from no specifying any ++ * modifier (e.g. not setting DRM_MODE_FB_MODIFIERS in the DRM_ADDFB2 ioctl), ++ * which tells the driver to also take driver-internal information into account ++ * and so might actually result in a tiled framebuffer. ++ */ ++#define DRM_FORMAT_MOD_LINEAR fourcc_mod_code(NONE, 0) ++ ++/* Intel framebuffer modifiers */ ++ ++/* ++ * Intel X-tiling layout ++ * ++ * This is a tiled layout using 4Kb tiles (except on gen2 where the tiles 2Kb) ++ * in row-major layout. Within the tile bytes are laid out row-major, with ++ * a platform-dependent stride. On top of that the memory can apply ++ * platform-depending swizzling of some higher address bits into bit6. 
++ * ++ * This format is highly platforms specific and not useful for cross-driver ++ * sharing. It exists since on a given platform it does uniquely identify the ++ * layout in a simple way for i915-specific userspace. ++ */ ++#define I915_FORMAT_MOD_X_TILED fourcc_mod_code(INTEL, 1) ++ ++/* ++ * Intel Y-tiling layout ++ * ++ * This is a tiled layout using 4Kb tiles (except on gen2 where the tiles 2Kb) ++ * in row-major layout. Within the tile bytes are laid out in OWORD (16 bytes) ++ * chunks column-major, with a platform-dependent height. On top of that the ++ * memory can apply platform-depending swizzling of some higher address bits ++ * into bit6. ++ * ++ * This format is highly platforms specific and not useful for cross-driver ++ * sharing. It exists since on a given platform it does uniquely identify the ++ * layout in a simple way for i915-specific userspace. ++ */ ++#define I915_FORMAT_MOD_Y_TILED fourcc_mod_code(INTEL, 2) ++ ++/* ++ * Intel Yf-tiling layout ++ * ++ * This is a tiled layout using 4Kb tiles in row-major layout. ++ * Within the tile pixels are laid out in 16 256 byte units / sub-tiles which ++ * are arranged in four groups (two wide, two high) with column-major layout. ++ * Each group therefore consits out of four 256 byte units, which are also laid ++ * out as 2x2 column-major. ++ * 256 byte units are made out of four 64 byte blocks of pixels, producing ++ * either a square block or a 2:1 unit. ++ * 64 byte blocks of pixels contain four pixel rows of 16 bytes, where the width ++ * in pixel depends on the pixel depth. ++ */ ++#define I915_FORMAT_MOD_Yf_TILED fourcc_mod_code(INTEL, 3) ++ ++/* ++ * Intel color control surface (CCS) for render compression ++ * ++ * The framebuffer format must be one of the 8:8:8:8 RGB formats. ++ * The main surface will be plane index 0 and must be Y/Yf-tiled, ++ * the CCS will be plane index 1. ++ * ++ * Each CCS tile matches a 1024x512 pixel area of the main surface. 
++ * To match certain aspects of the 3D hardware the CCS is ++ * considered to be made up of normal 128Bx32 Y tiles, Thus ++ * the CCS pitch must be specified in multiples of 128 bytes. ++ * ++ * In reality the CCS tile appears to be a 64Bx64 Y tile, composed ++ * of QWORD (8 bytes) chunks instead of OWORD (16 bytes) chunks. ++ * But that fact is not relevant unless the memory is accessed ++ * directly. ++ */ ++#define I915_FORMAT_MOD_Y_TILED_CCS fourcc_mod_code(INTEL, 4) ++#define I915_FORMAT_MOD_Yf_TILED_CCS fourcc_mod_code(INTEL, 5) ++ ++/* ++ * Tiled, NV12MT, grouped in 64 (pixels) x 32 (lines) -sized macroblocks ++ * ++ * Macroblocks are laid in a Z-shape, and each pixel data is following the ++ * standard NV12 style. ++ * As for NV12, an image is the result of two frame buffers: one for Y, ++ * one for the interleaved Cb/Cr components (1/2 the height of the Y buffer). ++ * Alignment requirements are (for each buffer): ++ * - multiple of 128 pixels for the width ++ * - multiple of 32 pixels for the height ++ * ++ * For more information: see https://linuxtv.org/downloads/v4l-dvb-apis/re32.html ++ */ ++#define DRM_FORMAT_MOD_SAMSUNG_64_32_TILE fourcc_mod_code(SAMSUNG, 1) ++ ++/* Vivante framebuffer modifiers */ ++ ++/* ++ * Vivante 4x4 tiling layout ++ * ++ * This is a simple tiled layout using tiles of 4x4 pixels in a row-major ++ * layout. ++ */ ++#define DRM_FORMAT_MOD_VIVANTE_TILED fourcc_mod_code(VIVANTE, 1) ++ ++/* ++ * Vivante 64x64 super-tiling layout ++ * ++ * This is a tiled layout using 64x64 pixel super-tiles, where each super-tile ++ * contains 8x4 groups of 2x4 tiles of 4x4 pixels (like above) each, all in row- ++ * major layout. 
++ * ++ * For more information: see ++ * https://github.com/etnaviv/etna_viv/blob/master/doc/hardware.md#texture-tiling ++ */ ++#define DRM_FORMAT_MOD_VIVANTE_SUPER_TILED fourcc_mod_code(VIVANTE, 2) ++ ++/* ++ * Vivante 4x4 tiling layout for dual-pipe ++ * ++ * Same as the 4x4 tiling layout, except every second 4x4 pixel tile starts at a ++ * different base address. Offsets from the base addresses are therefore halved ++ * compared to the non-split tiled layout. ++ */ ++#define DRM_FORMAT_MOD_VIVANTE_SPLIT_TILED fourcc_mod_code(VIVANTE, 3) ++ ++/* ++ * Vivante 64x64 super-tiling layout for dual-pipe ++ * ++ * Same as the 64x64 super-tiling layout, except every second 4x4 pixel tile ++ * starts at a different base address. Offsets from the base addresses are ++ * therefore halved compared to the non-split super-tiled layout. ++ */ ++#define DRM_FORMAT_MOD_VIVANTE_SPLIT_SUPER_TILED fourcc_mod_code(VIVANTE, 4) ++ ++/* NVIDIA frame buffer modifiers */ ++ ++/* ++ * Tegra Tiled Layout, used by Tegra 2, 3 and 4. ++ * ++ * Pixels are arranged in simple tiles of 16 x 16 bytes. ++ */ ++#define DRM_FORMAT_MOD_NVIDIA_TEGRA_TILED fourcc_mod_code(NVIDIA, 1) ++ ++/* ++ * 16Bx2 Block Linear layout, used by desktop GPUs, and Tegra K1 and later ++ * ++ * Pixels are arranged in 64x8 Groups Of Bytes (GOBs). GOBs are then stacked ++ * vertically by a power of 2 (1 to 32 GOBs) to form a block. ++ * ++ * Within a GOB, data is ordered as 16B x 2 lines sectors laid in Z-shape. ++ * ++ * Parameter 'v' is the log2 encoding of the number of GOBs stacked vertically. ++ * Valid values are: ++ * ++ * 0 == ONE_GOB ++ * 1 == TWO_GOBS ++ * 2 == FOUR_GOBS ++ * 3 == EIGHT_GOBS ++ * 4 == SIXTEEN_GOBS ++ * 5 == THIRTYTWO_GOBS ++ * ++ * Chapter 20 "Pixel Memory Formats" of the Tegra X1 TRM describes this format ++ * in full detail. 
++ */ ++#define DRM_FORMAT_MOD_NVIDIA_16BX2_BLOCK(v) \ ++ fourcc_mod_code(NVIDIA, 0x10 | ((v) & 0xf)) ++ ++#define DRM_FORMAT_MOD_NVIDIA_16BX2_BLOCK_ONE_GOB \ ++ fourcc_mod_code(NVIDIA, 0x10) ++#define DRM_FORMAT_MOD_NVIDIA_16BX2_BLOCK_TWO_GOB \ ++ fourcc_mod_code(NVIDIA, 0x11) ++#define DRM_FORMAT_MOD_NVIDIA_16BX2_BLOCK_FOUR_GOB \ ++ fourcc_mod_code(NVIDIA, 0x12) ++#define DRM_FORMAT_MOD_NVIDIA_16BX2_BLOCK_EIGHT_GOB \ ++ fourcc_mod_code(NVIDIA, 0x13) ++#define DRM_FORMAT_MOD_NVIDIA_16BX2_BLOCK_SIXTEEN_GOB \ ++ fourcc_mod_code(NVIDIA, 0x14) ++#define DRM_FORMAT_MOD_NVIDIA_16BX2_BLOCK_THIRTYTWO_GOB \ ++ fourcc_mod_code(NVIDIA, 0x15) ++ ++/* ++ * Broadcom VC4 "T" format ++ * ++ * This is the primary layout that the V3D GPU can texture from (it ++ * can't do linear). The T format has: ++ * ++ * - 64b utiles of pixels in a raster-order grid according to cpp. It's 4x4 ++ * pixels at 32 bit depth. ++ * ++ * - 1k subtiles made of a 4x4 raster-order grid of 64b utiles (so usually ++ * 16x16 pixels). ++ * ++ * - 4k tiles made of a 2x2 grid of 1k subtiles (so usually 32x32 pixels). On ++ * even 4k tile rows, they're arranged as (BL, TL, TR, BR), and on odd rows ++ * they're (TR, BR, BL, TL), where bottom left is start of memory. ++ * ++ * - an image made of 4k tiles in rows either left-to-right (even rows of 4k ++ * tiles) or right-to-left (odd rows of 4k tiles). ++ */ ++#define DRM_FORMAT_MOD_BROADCOM_VC4_T_TILED fourcc_mod_code(BROADCOM, 1) ++ ++#if defined(__cplusplus) ++} ++#endif ++ ++#endif /* DRM_FOURCC_H */ +-- +1.8.3.1 + diff --git a/SOURCES/kvm-i386-Define-the-Virt-SSBD-MSR-and-handling-of-it-CVE.patch b/SOURCES/kvm-i386-Define-the-Virt-SSBD-MSR-and-handling-of-it-CVE.patch index 2c3fd84..1d3e2aa 100644 --- a/SOURCES/kvm-i386-Define-the-Virt-SSBD-MSR-and-handling-of-it-CVE.patch +++ b/SOURCES/kvm-i386-Define-the-Virt-SSBD-MSR-and-handling-of-it-CVE.patch 
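Review bot: DRM_FORMAT_MOD_NVIDIA_16BX2_BLOCK(v) masks its argument with '(v) & 0xf', but the comment above it lists only 0 through 5 as valid, so 6 through 15 still yield a well-formed modifier that names no defined block height. Either say in the comment that those values are reserved or range-check v wherever a modifier is decoded, since a consumer cannot tell from the mask alone. The named variants also end in _GOB (TWO_GOB, FOUR_GOB) while the comment spells them TWO_GOBS, FOUR_GOBS; pick one spelling.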
@@ -1,18 +1,17 @@ -From 404335e8ed73046c079435fe73b921ec993614e4 Mon Sep 17 00:00:00 2001 +From eba382cf6a9a9b0003f10ac3da3e638d6f70d492 Mon Sep 17 00:00:00 2001 From: Eduardo Habkost -Date: Wed, 23 May 2018 20:54:57 +0200 -Subject: [PATCH 1/2] i386: Define the Virt SSBD MSR and handling of it +Date: Wed, 13 Jun 2018 18:50:55 +0200 +Subject: [PATCH 03/17] i386: Define the Virt SSBD MSR and handling of it (CVE-2018-3639) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit RH-Author: Eduardo Habkost -Message-id: <20180523205458.32764-2-ehabkost@redhat.com> -Patchwork-id: 80461 -O-Subject: [RHEL-7.5.z qemu-kvm PATCH 1/2] i386: Define the Virt SSBD MSR and handling of it (CVE-2018-3639) -Bugzilla: 1584363 -RH-Acked-by: Paolo Bonzini +Message-id: <20180613185056.18066-2-ehabkost@redhat.com> +Patchwork-id: 80679 +O-Subject: [RHEL-7.5 qemu-kvm PATCH 1/2] i386: Define the Virt SSBD MSR and handling of it (CVE-2018-3639) +Bugzilla: 1584583 RH-Acked-by: Igor Mammedov RH-Acked-by: Miroslav Rezanina @@ -50,7 +49,7 @@ Signed-off-by: Eduardo Habkost 3 files changed, 38 insertions(+), 2 deletions(-) diff --git a/target-i386/cpu.h b/target-i386/cpu.h -index da84443..68d0c0e 100644 +index c72b545..debb0e5 100644 --- a/target-i386/cpu.h +++ b/target-i386/cpu.h @@ -305,6 +305,7 @@ @@ -61,7 +60,7 @@ index da84443..68d0c0e 100644 #define MSR_IA32_TSCDEADLINE 0x6e0 #define MSR_P6_PERFCTR0 0xc1 -@@ -1044,6 +1045,7 @@ typedef struct CPUX86State { +@@ -1052,6 +1053,7 @@ typedef struct CPUX86State { uint32_t pkru; uint64_t spec_ctrl; @@ -70,7 +69,7 @@ index da84443..68d0c0e 100644 TPRAccess tpr_access_type; } CPUX86State; diff --git a/target-i386/kvm.c b/target-i386/kvm.c -index 24d17ad..656e24b 100644 +index a1a49d8..35a9cf4 100644 --- a/target-i386/kvm.c +++ b/target-i386/kvm.c @@ -78,6 +78,7 @@ static bool has_msr_hv_tsc; 
@@ -92,7 +91,7 @@ index 24d17ad..656e24b 100644 } } -@@ -1195,6 +1200,10 @@ static int kvm_put_msrs(X86CPU *cpu, int level) +@@ -1217,6 +1222,10 @@ static int kvm_put_msrs(X86CPU *cpu, int level) if (has_msr_spec_ctrl) { kvm_msr_entry_set(&msrs[n++], MSR_IA32_SPEC_CTRL, env->spec_ctrl); } @@ -103,7 +102,7 @@ index 24d17ad..656e24b 100644 #ifdef TARGET_X86_64 if (lm_capable_kernel) { kvm_msr_entry_set(&msrs[n++], MSR_CSTAR, env->cstar); -@@ -1555,8 +1564,9 @@ static int kvm_get_msrs(X86CPU *cpu) +@@ -1577,8 +1586,9 @@ static int kvm_get_msrs(X86CPU *cpu) if (has_msr_spec_ctrl) { msrs[n++].index = MSR_IA32_SPEC_CTRL; } @@ -115,7 +114,7 @@ index 24d17ad..656e24b 100644 if (!env->tsc_valid) { msrs[n++].index = MSR_IA32_TSC; env->tsc_valid = !runstate_is_running(); -@@ -1800,6 +1810,9 @@ static int kvm_get_msrs(X86CPU *cpu) +@@ -1822,6 +1832,9 @@ static int kvm_get_msrs(X86CPU *cpu) case MSR_IA32_SPEC_CTRL: env->spec_ctrl = msrs[i].data; break; diff --git a/SOURCES/kvm-i386-define-the-AMD-virt-ssbd-CPUID-feature-bit-CVE-.patch b/SOURCES/kvm-i386-define-the-AMD-virt-ssbd-CPUID-feature-bit-CVE-.patch index 4217be2..11e6e57 100644 --- a/SOURCES/kvm-i386-define-the-AMD-virt-ssbd-CPUID-feature-bit-CVE-.patch +++ b/SOURCES/kvm-i386-define-the-AMD-virt-ssbd-CPUID-feature-bit-CVE-.patch @@ -1,18 +1,17 @@ -From 575e827677fb3c238250c44b5287ae327ddbfcde Mon Sep 17 00:00:00 2001 +From c95345b4fea239a4482652ad57b4106254cd79f0 Mon Sep 17 00:00:00 2001 
From: Eduardo Habkost -Date: Wed, 23 May 2018 20:54:58 +0200 -Subject: [PATCH 2/2] i386: define the AMD 'virt-ssbd' CPUID feature bit +Date: Wed, 13 Jun 2018 18:50:56 +0200 +Subject: [PATCH 04/17] i386: define the AMD 'virt-ssbd' CPUID feature bit (CVE-2018-3639) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit RH-Author: Eduardo Habkost -Message-id: <20180523205458.32764-3-ehabkost@redhat.com> -Patchwork-id: 80462 -O-Subject: [RHEL-7.5.z qemu-kvm PATCH 2/2] i386: define the AMD 'virt-ssbd' CPUID feature bit (CVE-2018-3639) -Bugzilla: 1584363 -RH-Acked-by: Paolo Bonzini +Message-id: <20180613185056.18066-3-ehabkost@redhat.com> +Patchwork-id: 80680 +O-Subject: [RHEL-7.5 qemu-kvm PATCH 2/2] i386: define the AMD 'virt-ssbd' CPUID feature bit (CVE-2018-3639) +Bugzilla: 1584583 RH-Acked-by: Igor Mammedov RH-Acked-by: Miroslav Rezanina @@ -41,7 +40,7 @@ Signed-off-by: Eduardo Habkost 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target-i386/cpu.c b/target-i386/cpu.c -index 539c202..02dcc4b 100644 +index 0254747..4b3a238 100644 --- a/target-i386/cpu.c +++ b/target-i386/cpu.c @@ -183,7 +183,7 @@ static const char *cpuid_80000008_ebx_feature_name[] = { diff --git a/SOURCES/kvm-i386-define-the-ssbd-CPUID-feature-bit-CVE-2018-3639.patch b/SOURCES/kvm-i386-define-the-ssbd-CPUID-feature-bit-CVE-2018-3639.patch index 389f6f5..77e33ee 100644 --- a/SOURCES/kvm-i386-define-the-ssbd-CPUID-feature-bit-CVE-2018-3639.patch +++ b/SOURCES/kvm-i386-define-the-ssbd-CPUID-feature-bit-CVE-2018-3639.patch @@ -1,13 +1,14 @@ -From f5a29669048a0a889348839c8707f7f10b0bec48 Mon Sep 17 00:00:00 2001 +From 3aa3deed539cd90a2eee32d3d8c2f673adb58aa8 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Wed, 9 May 2018 09:06:29 +0100 -Subject: [PATCH] i386: define the 'ssbd' CPUID feature bit (CVE-2018-3639) +Subject: [PATCH 03/10] i386: define the 'ssbd' CPUID feature bit + (CVE-2018-3639) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit RH-Author: Daniel P. Berrangé -Bugzilla: 1574075 +Bugzilla: 1574082 RH-Acked-by: Eduardo Habkost RH-Acked-by: Paolo Bonzini RH-Acked-by: Miroslav Rezanina diff --git a/SOURCES/kvm-ide-avoid-referencing-NULL-dev-in-rotational-rate-se.patch b/SOURCES/kvm-ide-avoid-referencing-NULL-dev-in-rotational-rate-se.patch new file mode 100644 index 0000000..68e6046 --- /dev/null +++ b/SOURCES/kvm-ide-avoid-referencing-NULL-dev-in-rotational-rate-se.patch 
@@ -0,0 +1,49 @@ +From a967318ce21d68d30afbb02bcd8b43dd7157916d Mon Sep 17 00:00:00 2001 +From: John Snow +Date: Thu, 2 Aug 2018 15:53:36 +0200 +Subject: [PATCH 3/4] ide: avoid referencing NULL dev in rotational rate + setting + +RH-Author: John Snow +Message-id: <20180802155336.10347-4-jsnow@redhat.com> +Patchwork-id: 81611 +O-Subject: [RHEL-7.6 qemu-kvm PATCH 3/3] ide: avoid referencing NULL dev in rotational rate setting +Bugzilla: 1583807 +RH-Acked-by: Daniel P. Berrange +RH-Acked-by: Laszlo Ersek +RH-Acked-by: Thomas Huth + +From: "Daniel P. Berrange" + +The 'dev' variable can be NULL when the guest OS calls identify on an IDE +unit that does not have a drive attached to it. + +Signed-off-by: Daniel P. Berrange +Reviewed-by: Stefan Hajnoczi +Message-id: 20171020091403.1479-1-berrange@redhat.com +Signed-off-by: John Snow +(cherry picked from commit 96f43c2b0a663f4789b51ed97297163321e7ba5e) +Signed-off-by: John Snow +Signed-off-by: Miroslav Rezanina +--- + hw/ide/core.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/hw/ide/core.c b/hw/ide/core.c +index aea2ff9..be6e0c9 100644 +--- a/hw/ide/core.c ++++ b/hw/ide/core.c +@@ -179,7 +179,9 @@ static void ide_identify(IDEState *s) + if (dev && dev->conf.discard_granularity) { + put_le16(p + 169, 1); /* TRIM support */ + } +- put_le16(p + 217, dev->rotation_rate); /* Nominal media rotation rate */ ++ if (dev) { ++ put_le16(p + 217, dev->rotation_rate); /* Nominal media rotation rate */ ++ } + + memcpy(s->identify_data, p, sizeof(s->identify_data)); + s->identify_set = 1; +-- +1.8.3.1 + diff --git a/SOURCES/kvm-ide-support-reporting-of-rotation-rate.patch b/SOURCES/kvm-ide-support-reporting-of-rotation-rate.patch new file mode 100644 index 0000000..0ccf067 --- /dev/null +++ b/SOURCES/kvm-ide-support-reporting-of-rotation-rate.patch 
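Review bot: the 'if (dev)' guard in ide_identify() repairs a NULL dereference that patch 2/4 of this same series adds (the unguarded 'put_le16(p + 217, dev->rotation_rate)'), so a tree built at 2/4 still crashes when the guest issues IDENTIFY on a unit with no drive attached, which is the case the commit message describes. Squashing this into 2/4, or ordering it first, keeps every step of the series safe to bisect. With dev NULL, word 217 now keeps whatever p already holds; the context shown does not include the buffer being cleared, so confirm it reads 0x0000 (rotation rate not reported) rather than stale data.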
@@ -0,0 +1,89 @@ +From f4030862f7ac7e6217415e3ca6be6a4151fa8208 Mon Sep 17 00:00:00 2001 +From: John Snow +Date: Thu, 2 Aug 2018 15:53:35 +0200 +Subject: [PATCH 2/4] ide: support reporting of rotation rate + +RH-Author: John Snow +Message-id: <20180802155336.10347-3-jsnow@redhat.com> +Patchwork-id: 81614 +O-Subject: [RHEL-7.6 qemu-kvm PATCH 2/3] ide: support reporting of rotation rate +Bugzilla: 1583807 +RH-Acked-by: Daniel P. Berrange +RH-Acked-by: Laszlo Ersek +RH-Acked-by: Thomas Huth + +From: "Daniel P. Berrange" + +The Linux kernel will query the ATA IDENTITY DEVICE data, word 217 +to determine the rotations per minute of the disk. If this has +the value 1, it is taken to be an SSD and so Linux sets the +'rotational' flag to 0 for the I/O queue and will stop using that +disk as a source of random entropy. Other operating systems may +also take into account rotation rate when setting up default +behaviour. + +Mgmt apps should be able to set the rotation rate for virtualized +block devices, based on characteristics of the host storage in use, +so that the guest OS gets sensible behaviour out of the box. This +patch thus adds a 'rotation-rate' parameter for 'ide-hd' device +types. + +Signed-off-by: Daniel P. 
Berrange +Message-Id: <20171004114008.14849-3-berrange@redhat.com> +Reviewed-by: John Snow +Signed-off-by: Paolo Bonzini +(cherry picked from commit 3b19f4506901ecce25ff36cf62353a2b4bfe4f2b) +Signed-off-by: John Snow +Signed-off-by: Miroslav Rezanina +--- + hw/ide/core.c | 1 + + hw/ide/internal.h | 8 ++++++++ + hw/ide/qdev.c | 1 + + 3 files changed, 10 insertions(+) + +diff --git a/hw/ide/core.c b/hw/ide/core.c +index 5c33735..aea2ff9 100644 +--- a/hw/ide/core.c ++++ b/hw/ide/core.c +@@ -179,6 +179,7 @@ static void ide_identify(IDEState *s) + if (dev && dev->conf.discard_granularity) { + put_le16(p + 169, 1); /* TRIM support */ + } ++ put_le16(p + 217, dev->rotation_rate); /* Nominal media rotation rate */ + + memcpy(s->identify_data, p, sizeof(s->identify_data)); + s->identify_set = 1; +diff --git a/hw/ide/internal.h b/hw/ide/internal.h +index f8fb564..1062f85 100644 +--- a/hw/ide/internal.h ++++ b/hw/ide/internal.h +@@ -484,6 +484,14 @@ struct IDEDevice { + char *serial; + char *model; + uint64_t wwn; ++ /* ++ * 0x0000 - rotation rate not reported ++ * 0x0001 - non-rotating medium (SSD) ++ * 0x0002-0x0400 - reserved ++ * 0x0401-0xffe - rotations per minute ++ * 0xffff - reserved ++ */ ++ uint16_t rotation_rate; + }; + + #define BM_STATUS_DMAING 0x01 +diff --git a/hw/ide/qdev.c b/hw/ide/qdev.c +index 44f36c3..4ba2c63 100644 +--- a/hw/ide/qdev.c ++++ b/hw/ide/qdev.c +@@ -219,6 +219,7 @@ static Property ide_hd_properties[] = { + DEFINE_BLOCK_CHS_PROPERTIES(IDEDrive, dev.conf), + DEFINE_PROP_BIOS_CHS_TRANS("bios-chs-trans", + IDEDrive, dev.chs_trans, BIOS_ATA_TRANSLATION_AUTO), ++ DEFINE_PROP_UINT16("rotation_rate", IDEDrive, dev.rotation_rate, 0), + DEFINE_PROP_END_OF_LIST(), + }; + +-- +1.8.3.1 + diff --git a/SOURCES/kvm-iotests-Repairing-error-during-snapshot-deletion.patch b/SOURCES/kvm-iotests-Repairing-error-during-snapshot-deletion.patch new file mode 100644 index 0000000..393c66d --- /dev/null 
+++ b/SOURCES/kvm-iotests-Repairing-error-during-snapshot-deletion.patch 
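Review bot: in the hw/ide/internal.h hunk of the rotation-rate patch, the range '0x0401-0xffe - rotations per minute' looks like it is missing a digit, because as written 0x0fff through 0xfffe is neither reserved nor a valid rate and the next entry starts at 0xffff. It should read 0x0401-0xfffe so the table covers the whole 16-bit space.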
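Review bot: in the hw/ide/qdev.c hunk of the rotation-rate patch, the property is registered as "rotation_rate" while the commit message announces a 'rotation-rate' parameter, so the documented name and the one a management application must pass differ; make the two agree. DEFINE_PROP_UINT16 also accepts any 16-bit value, including the ranges the internal.h comment marks reserved (0x0002-0x0400 and 0xffff), and ide_identify() copies the field straight into word 217; reject reserved values when the device is initialised rather than handing them to the guest.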
@@ -0,0 +1,199 @@ +From dd504cf4643e80d0b7afe16c82ac247a9e35a4af Mon Sep 17 00:00:00 2001 +From: Max Reitz +Date: Mon, 18 Jun 2018 17:24:54 +0200 +Subject: [PATCH 06/17] iotests: Repairing error during snapshot deletion + +RH-Author: Max Reitz +Message-id: <20180618172454.27434-3-mreitz@redhat.com> +Patchwork-id: 80787 +O-Subject: [RHEL-7.6 qemu-kvm PATCH 2/2] iotests: Repairing error during snapshot deletion +Bugzilla: 1527122 +RH-Acked-by: John Snow +RH-Acked-by: Kevin Wolf +RH-Acked-by: Stefan Hajnoczi + +This adds a test for an I/O error during snapshot deletion, and maybe +more importantly, for how to repair the resulting image. If the +snapshot has been deleted before the error occurs, the only negative +result will be leaked clusters -- and those should be repairable with +qemu-img check -r leaks. + +Signed-off-by: Max Reitz +Reviewed-by: Eric Blake +Message-id: 20180509200059.31125-3-mreitz@redhat.com +Signed-off-by: Max Reitz +(cherry picked from commit b41ad73a3bb972eb43cf52d28669f67ea3fe1762) +Signed-off-by: Miroslav Rezanina + +Conflicts: + tests/qemu-iotests/group + tests/qemu-iotests/217.out + +The error message when a snapshot failed to be deleted is less verbose +(just based on errno instead of a nice Error object). + +Signed-off-by: Max Reitz +--- + tests/qemu-iotests/217 | 90 ++++++++++++++++++++++++++++++++++++++++++++++ + tests/qemu-iotests/217.out | 42 ++++++++++++++++++++++ + tests/qemu-iotests/group | 1 + + 3 files changed, 133 insertions(+) + create mode 100755 tests/qemu-iotests/217 + create mode 100644 tests/qemu-iotests/217.out + +diff --git a/tests/qemu-iotests/217 b/tests/qemu-iotests/217 +new file mode 100755 +index 0000000..d3ab5d7 +--- /dev/null ++++ b/tests/qemu-iotests/217 +@@ -0,0 +1,90 @@ ++#!/bin/bash ++# ++# I/O errors when working with internal qcow2 snapshots, and repairing ++# the result ++# ++# Copyright (C) 2018 Red Hat, Inc. 
++# ++# This program is free software; you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation; either version 2 of the License, or ++# (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with this program. If not, see . ++ ++seq=$(basename $0) ++echo "QA output created by $seq" ++ ++status=1 # failure is the default! ++ ++_cleanup() ++{ ++ _cleanup_test_img ++ rm -f "$TEST_DIR/blkdebug.conf" ++} ++trap "_cleanup; exit \$status" 0 1 2 3 15 ++ ++# get standard environment, filters and checks ++. ./common.rc ++. ./common.filter ++ ++# This test is specific to qcow2 ++_supported_fmt qcow2 ++_supported_proto file ++_supported_os Linux ++ ++# This test needs clusters with at least a refcount of 2 so that ++# OFLAG_COPIED is not set. refcount_bits=1 is therefore unsupported. ++_unsupported_imgopts 'refcount_bits=1[^0-9]' ++ ++echo ++echo '=== Simulating an I/O error during snapshot deletion ===' ++echo ++ ++_make_test_img 64M ++$QEMU_IO -c 'write 0 64k' "$TEST_IMG" | _filter_qemu_io ++ ++# Create the snapshot ++$QEMU_IMG snapshot -c foo "$TEST_IMG" ++ ++# Verify the snapshot is there ++echo ++_img_info | grep 'Snapshot list' ++echo '(Snapshot filtered)' ++echo ++ ++# Try to delete the snapshot (with an error happening when freeing the ++# then leaked clusters) ++cat > "$TEST_DIR/blkdebug.conf" < +Date: Wed, 20 Jun 2018 18:54:21 +0200 +Subject: [PATCH 13/17] linux-headers: Update to include region based display + support. 
+ +RH-Author: Tarun Gupta +Message-id: <1529520865-18127-8-git-send-email-tgupta@redhat.com> +Patchwork-id: 80913 +O-Subject: [RHEL7.6 qemu-kvm PATCH v3 07/11] linux-headers: Update to include region based display support. +Bugzilla: 1555246 +RH-Acked-by: Alex Williamson +RH-Acked-by: Gerd Hoffmann +RH-Acked-by: Miroslav Rezanina + +update Linux headers to 4.16-rc5 + +Note that VIRTIO_GPU_CAPSET_VIRGL2 was added manually so it has to +be added manually after re-running scripts/update-linux-headers.sh. + +Signed-off-by: Paolo Bonzini +(cherry picked from 9f2d175db5c29b23bc1a560041043d0b10ee57dc) + +Conflict: Only cherry-picking macros for adding region based display +support + +Signed-off-by: Miroslav Rezanina +--- + linux-headers/linux/vfio.h | 52 ++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 52 insertions(+) + +diff --git a/linux-headers/linux/vfio.h b/linux-headers/linux/vfio.h +index 8995a34..0dab0cc 100644 +--- a/linux-headers/linux/vfio.h ++++ b/linux-headers/linux/vfio.h +@@ -414,6 +414,58 @@ struct vfio_pci_hot_reset { + + #define VFIO_DEVICE_PCI_HOT_RESET _IO(VFIO_TYPE, VFIO_BASE + 13) + ++/** ++ * VFIO_DEVICE_QUERY_GFX_PLANE - _IOW(VFIO_TYPE, VFIO_BASE + 14, ++ * struct vfio_device_query_gfx_plane) ++ * ++ * Set the drm_plane_type and flags, then retrieve the gfx plane info. ++ * ++ * flags supported: ++ * - VFIO_GFX_PLANE_TYPE_PROBE and VFIO_GFX_PLANE_TYPE_DMABUF are set ++ * to ask if the mdev supports dma-buf. 0 on support, -EINVAL on no ++ * support for dma-buf. ++ * - VFIO_GFX_PLANE_TYPE_PROBE and VFIO_GFX_PLANE_TYPE_REGION are set ++ * to ask if the mdev supports region. 0 on support, -EINVAL on no ++ * support for region. ++ * - VFIO_GFX_PLANE_TYPE_DMABUF or VFIO_GFX_PLANE_TYPE_REGION is set ++ * with each call to query the plane info. ++ * - Others are invalid and return -EINVAL. ++ * ++ * Note: ++ * 1. Plane could be disabled by guest. 
In that case, success will be ++ * returned with zero-initialized drm_format, size, width and height ++ * fields. ++ * 2. x_hot/y_hot is set to 0xFFFFFFFF if no hotspot information available ++ * ++ * Return: 0 on success, -errno on other failure. ++ */ ++struct vfio_device_gfx_plane_info { ++ __u32 argsz; ++ __u32 flags; ++#define VFIO_GFX_PLANE_TYPE_PROBE (1 << 0) ++#define VFIO_GFX_PLANE_TYPE_DMABUF (1 << 1) ++#define VFIO_GFX_PLANE_TYPE_REGION (1 << 2) ++ /* in */ ++ __u32 drm_plane_type; /* type of plane: DRM_PLANE_TYPE_* */ ++ /* out */ ++ __u32 drm_format; /* drm format of plane */ ++ __u64 drm_format_mod; /* tiled mode */ ++ __u32 width; /* width of plane */ ++ __u32 height; /* height of plane */ ++ __u32 stride; /* stride of plane */ ++ __u32 size; /* size of plane in bytes, align on page*/ ++ __u32 x_pos; /* horizontal position of cursor plane */ ++ __u32 y_pos; /* vertical position of cursor plane*/ ++ __u32 x_hot; /* horizontal position of cursor hotspot */ ++ __u32 y_hot; /* vertical position of cursor hotspot */ ++ union { ++ __u32 region_index; /* region index */ ++ __u32 dmabuf_id; /* dma-buf id */ ++ }; ++}; ++ ++#define VFIO_DEVICE_QUERY_GFX_PLANE _IO(VFIO_TYPE, VFIO_BASE + 14) ++ + /* -------- API for Type1 VFIO IOMMU -------- */ + + /** +-- +1.8.3.1 + diff --git a/SOURCES/kvm-multiboot-Check-validity-of-mh_header_addr.patch b/SOURCES/kvm-multiboot-Check-validity-of-mh_header_addr.patch index 25dccb0..98f279e 100644 --- a/SOURCES/kvm-multiboot-Check-validity-of-mh_header_addr.patch +++ b/SOURCES/kvm-multiboot-Check-validity-of-mh_header_addr.patch @@ -1,4 +1,4 @@ -From 10868fe0444b0c74589e42695af665ee8d13e0b9 Mon Sep 17 00:00:00 2001 +From 9ea892729b9c77eaf7b923da8a3e370dbb022e6e Mon Sep 17 00:00:00 2001 From: Kevin Wolf Date: Thu, 26 Jul 2018 16:24:48 +0200 Subject: [PATCH 6/8] multiboot: Check validity of mh_header_addr 
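Review bot: in the linux-headers/linux/vfio.h hunk, the doc comment describes VFIO_DEVICE_QUERY_GFX_PLANE as '_IOW(VFIO_TYPE, VFIO_BASE + 14, struct vfio_device_query_gfx_plane)', but the define is '_IO(VFIO_TYPE, VFIO_BASE + 14)' and the structure is named vfio_device_gfx_plane_info. A caller reading the comment would look for a type that does not exist, so the comment should name the real structure and encoding. The commit message also says the headers are updated to 4.16-rc5 while the conflict note says only these macros were taken; a line in the file recording that it is a partial sync would stop a later run of scripts/update-linux-headers.sh from being mistaken for a no-op.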
@@ -7,7 +7,7 @@ RH-Author: Kevin Wolf Message-id: <20180726162448.22072-7-kwolf@redhat.com> Patchwork-id: 81515 O-Subject: [RHEL-7.6/7.5.z qemu-kvm PATCH 6/6] multiboot: Check validity of mh_header_addr -Bugzilla: 1549824 +Bugzilla: 1549822 RH-Acked-by: John Snow RH-Acked-by: Stefan Hajnoczi RH-Acked-by: Miroslav Rezanina diff --git a/SOURCES/kvm-multiboot-Reject-kernels-exceeding-the-address-space.patch b/SOURCES/kvm-multiboot-Reject-kernels-exceeding-the-address-space.patch index b34d4f8..f284cd8 100644 --- a/SOURCES/kvm-multiboot-Reject-kernels-exceeding-the-address-space.patch +++ b/SOURCES/kvm-multiboot-Reject-kernels-exceeding-the-address-space.patch @@ -1,4 +1,4 @@ -From 241aa1a7f62c5eba0fc95cbe310aaad3ee489a3d Mon Sep 17 00:00:00 2001 +From 7ca60898ccb2e1dc5e47dca5d53eb42922a0a0bc Mon Sep 17 00:00:00 2001 From: Kevin Wolf Date: Thu, 26 Jul 2018 16:24:47 +0200 Subject: [PATCH 5/8] multiboot: Reject kernels exceeding the address space @@ -7,7 +7,7 @@ RH-Author: Kevin Wolf Message-id: <20180726162448.22072-6-kwolf@redhat.com> Patchwork-id: 81514 O-Subject: [RHEL-7.6/7.5.z qemu-kvm PATCH 5/6] multiboot: Reject kernels exceeding the address space -Bugzilla: 1549824 +Bugzilla: 1549822 RH-Acked-by: John Snow RH-Acked-by: Stefan Hajnoczi RH-Acked-by: Miroslav Rezanina diff --git a/SOURCES/kvm-multiboot-Remove-unused-variables-from-multiboot.c.patch b/SOURCES/kvm-multiboot-Remove-unused-variables-from-multiboot.c.patch index 80f9eae..71c6fde 100644 --- a/SOURCES/kvm-multiboot-Remove-unused-variables-from-multiboot.c.patch +++ b/SOURCES/kvm-multiboot-Remove-unused-variables-from-multiboot.c.patch @@ -1,4 +1,4 @@ -From 8afeffd25dd6af6861439904f66a15f1606e06d5 Mon Sep 17 00:00:00 2001 +From 863255a5677066edbfb2833372804284a64831d3 Mon Sep 17 00:00:00 2001 From: Kevin Wolf Date: Thu, 26 Jul 2018 16:24:44 +0200 Subject: [PATCH 2/8] multiboot: Remove unused variables from multiboot.c 
@@ -7,7 +7,7 @@ RH-Author: Kevin Wolf Message-id: <20180726162448.22072-3-kwolf@redhat.com> Patchwork-id: 81516 O-Subject: [RHEL-7.6/7.5.z qemu-kvm PATCH 2/6] multiboot: Remove unused variables from multiboot.c -Bugzilla: 1549824 +Bugzilla: 1549822 RH-Acked-by: John Snow RH-Acked-by: Stefan Hajnoczi RH-Acked-by: Miroslav Rezanina diff --git a/SOURCES/kvm-multiboot-Use-header-names-when-displaying-fields.patch b/SOURCES/kvm-multiboot-Use-header-names-when-displaying-fields.patch index f58649d..2d4fda3 100644 --- a/SOURCES/kvm-multiboot-Use-header-names-when-displaying-fields.patch +++ b/SOURCES/kvm-multiboot-Use-header-names-when-displaying-fields.patch @@ -1,4 +1,4 @@ -From 62b1260b11b0e93105377eadbf6deeadb84e5516 Mon Sep 17 00:00:00 2001 +From 0bd67b62f13b15c36fa66304fffd70d01382e234 Mon Sep 17 00:00:00 2001 From: Kevin Wolf Date: Thu, 26 Jul 2018 16:24:45 +0200 Subject: [PATCH 3/8] multiboot: Use header names when displaying fields @@ -7,7 +7,7 @@ RH-Author: Kevin Wolf Message-id: <20180726162448.22072-4-kwolf@redhat.com> Patchwork-id: 81520 O-Subject: [RHEL-7.6/7.5.z qemu-kvm PATCH 3/6] multiboot: Use header names when displaying fields -Bugzilla: 1549824 +Bugzilla: 1549822 RH-Acked-by: John Snow RH-Acked-by: Stefan Hajnoczi RH-Acked-by: Miroslav Rezanina diff --git a/SOURCES/kvm-multiboot-bss_end_addr-can-be-zero.patch b/SOURCES/kvm-multiboot-bss_end_addr-can-be-zero.patch index 0074cb4..fe43002 100644 --- a/SOURCES/kvm-multiboot-bss_end_addr-can-be-zero.patch +++ b/SOURCES/kvm-multiboot-bss_end_addr-can-be-zero.patch @@ -1,4 +1,4 @@ -From c36441a8376c6edddf4d1bc1ef27e132e71e4ddd Mon Sep 17 00:00:00 2001 +From 758b4f721ba664f383bd234458f78984f22823b6 Mon Sep 17 00:00:00 2001 From: Kevin Wolf Date: Thu, 26 Jul 2018 16:24:43 +0200 Subject: [PATCH 1/8] multiboot: bss_end_addr can be zero 
@@ -7,7 +7,7 @@ RH-Author: Kevin Wolf Message-id: <20180726162448.22072-2-kwolf@redhat.com> Patchwork-id: 81517 O-Subject: [RHEL-7.6/7.5.z qemu-kvm PATCH 1/6] multiboot: bss_end_addr can be zero -Bugzilla: 1549824 +Bugzilla: 1549822 RH-Acked-by: John Snow RH-Acked-by: Stefan Hajnoczi RH-Acked-by: Miroslav Rezanina diff --git a/SOURCES/kvm-multiboot-fprintf-stderr.-error_report.patch b/SOURCES/kvm-multiboot-fprintf-stderr.-error_report.patch index e96f7ce..e8cc4ae 100644 --- a/SOURCES/kvm-multiboot-fprintf-stderr.-error_report.patch +++ b/SOURCES/kvm-multiboot-fprintf-stderr.-error_report.patch @@ -1,4 +1,4 @@ -From 5c4df6bfd7a729f99c61fc6e1068c8df22f18e7d Mon Sep 17 00:00:00 2001 +From a6a1a4a3a9890749501a2a22f6883397a8579b60 Mon Sep 17 00:00:00 2001 From: Kevin Wolf Date: Thu, 26 Jul 2018 16:24:46 +0200 Subject: [PATCH 4/8] multiboot: fprintf(stderr...) -> error_report() @@ -7,7 +7,7 @@ RH-Author: Kevin Wolf Message-id: <20180726162448.22072-5-kwolf@redhat.com> Patchwork-id: 81519 O-Subject: [RHEL-7.6/7.5.z qemu-kvm PATCH 4/6] multiboot: fprintf(stderr...) -> error_report() -Bugzilla: 1549824 +Bugzilla: 1549822 RH-Acked-by: John Snow RH-Acked-by: Stefan Hajnoczi RH-Acked-by: Miroslav Rezanina diff --git a/SOURCES/kvm-qcow2-Repair-OFLAG_COPIED-when-fixing-leaks.patch b/SOURCES/kvm-qcow2-Repair-OFLAG_COPIED-when-fixing-leaks.patch new file mode 100644 index 0000000..16101b0 --- /dev/null +++ b/SOURCES/kvm-qcow2-Repair-OFLAG_COPIED-when-fixing-leaks.patch 
@@ -0,0 +1,99 @@ +From ec8057f43c44075e02b59078b38b40340220f955 Mon Sep 17 00:00:00 2001 +From: Max Reitz +Date: Mon, 18 Jun 2018 17:24:53 +0200 +Subject: [PATCH 05/17] qcow2: Repair OFLAG_COPIED when fixing leaks + +RH-Author: Max Reitz +Message-id: <20180618172454.27434-2-mreitz@redhat.com> +Patchwork-id: 80785 +O-Subject: [RHEL-7.6 qemu-kvm PATCH 1/2] qcow2: Repair OFLAG_COPIED when fixing leaks +Bugzilla: 1527122 +RH-Acked-by: John Snow +RH-Acked-by: Kevin Wolf +RH-Acked-by: Stefan Hajnoczi + +Repairing OFLAG_COPIED is usually safe because it is done after the +refcounts have been repaired. Therefore, it we did not find anyone else +referencing a data or L2 cluster, it makes no sense to not set +OFLAG_COPIED -- and the other direction (clearing OFLAG_COPIED) is +always safe, anyway, it may just induce leaks. + +Furthermore, if OFLAG_COPIED is actually consistent with a wrong (leaky) +refcount, we will decrement the refcount with -r leaks, but OFLAG_COPIED +will then be wrong. qemu-img check should not produce images that are +more corrupted afterwards then they were before. + +Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1527085 +Signed-off-by: Max Reitz +Reviewed-by: Eric Blake +Message-id: 20180509200059.31125-2-mreitz@redhat.com +Signed-off-by: Max Reitz +(cherry picked from commit 3cce51c919c7b4028cf6676dfcb80a45741b5117) +Signed-off-by: Miroslav Rezanina + +Conflicts: + block/qcow2-refcount.c + +Conflicts due to refcounts being fixed to 16 bit downstream, which means +that every instance of the "refcount" variable is an int instead of +uint64_t. This results in contextual conflicts in the corruption +printf()s. 
+ +Signed-off-by: Max Reitz +--- + block/qcow2-refcount.c | 25 +++++++++++++++++-------- + 1 file changed, 17 insertions(+), 8 deletions(-) + +diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c +index 848fd31..7a69bcd 100644 +--- a/block/qcow2-refcount.c ++++ b/block/qcow2-refcount.c +@@ -1333,6 +1333,19 @@ static int check_oflag_copied(BlockDriverState *bs, BdrvCheckResult *res, + int ret; + int refcount; + int i, j; ++ bool repair; ++ ++ if (fix & BDRV_FIX_ERRORS) { ++ /* Always repair */ ++ repair = true; ++ } else if (fix & BDRV_FIX_LEAKS) { ++ /* Repair only if that seems safe: This function is always ++ * called after the refcounts have been fixed, so the refcount ++ * is accurate if that repair was successful */ ++ repair = !res->check_errors && !res->corruptions && !res->leaks; ++ } else { ++ repair = false; ++ } + + for (i = 0; i < s->l1_size; i++) { + uint64_t l1_entry = s->l1_table[i]; +@@ -1351,10 +1364,8 @@ static int check_oflag_copied(BlockDriverState *bs, BdrvCheckResult *res, + if ((refcount == 1) != ((l1_entry & QCOW_OFLAG_COPIED) != 0)) { + fprintf(stderr, "%s OFLAG_COPIED L2 cluster: l1_index=%d " + "l1_entry=%" PRIx64 " refcount=%d\n", +- fix & BDRV_FIX_ERRORS ? "Repairing" : +- "ERROR", +- i, l1_entry, refcount); +- if (fix & BDRV_FIX_ERRORS) { ++ repair ? "Repairing" : "ERROR", i, l1_entry, refcount); ++ if (repair) { + s->l1_table[i] = refcount == 1 + ? l1_entry | QCOW_OFLAG_COPIED + : l1_entry & ~QCOW_OFLAG_COPIED; +@@ -1393,10 +1404,8 @@ static int check_oflag_copied(BlockDriverState *bs, BdrvCheckResult *res, + if ((refcount == 1) != ((l2_entry & QCOW_OFLAG_COPIED) != 0)) { + fprintf(stderr, "%s OFLAG_COPIED data cluster: " + "l2_entry=%" PRIx64 " refcount=%d\n", +- fix & BDRV_FIX_ERRORS ? "Repairing" : +- "ERROR", +- l2_entry, refcount); +- if (fix & BDRV_FIX_ERRORS) { ++ repair ? "Repairing" : "ERROR", l2_entry, refcount); ++ if (repair) { + l2_table[j] = cpu_to_be64(refcount == 1 + ? 
l2_entry | QCOW_OFLAG_COPIED + : l2_entry & ~QCOW_OFLAG_COPIED); +-- +1.8.3.1 + diff --git a/SOURCES/kvm-qdev-New-DEFINE_PROP_ON_OFF_AUTO.patch b/SOURCES/kvm-qdev-New-DEFINE_PROP_ON_OFF_AUTO.patch new file mode 100644 index 0000000..eb18103 --- /dev/null +++ b/SOURCES/kvm-qdev-New-DEFINE_PROP_ON_OFF_AUTO.patch 
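Review bot: in the first block/qcow2-refcount.c hunk, the BDRV_FIX_LEAKS branch sets 'repair = !res->check_errors && !res->corruptions && !res->leaks', which is only ever true if res->leaks has been brought back to zero by the time check_oflag_copied() runs. The comment states that the refcounts have already been fixed, but nothing visible here shows the counters being recomputed after that repair, and if they still hold the pre-repair totals then '-r leaks' will never reach the repair path this patch adds. Name the caller step that resets the counters in the comment, or assert the precondition. repair is also computed once before the loops, so it would help to state whether an entry that fails later in the same pass is meant to leave it unchanged.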
@@ -0,0 +1,102 @@ +From 74c36c49f488579f224013cddfc753c21ce4829e Mon Sep 17 00:00:00 2001 +From: Tarun Gupta +Date: Wed, 20 Jun 2018 18:54:22 +0200 +Subject: [PATCH 14/17] qdev: New DEFINE_PROP_ON_OFF_AUTO +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Tarun Gupta +Message-id: <1529520865-18127-9-git-send-email-tgupta@redhat.com> +Patchwork-id: 80916 +O-Subject: [RHEL7.6 qemu-kvm PATCH v3 08/11] qdev: New DEFINE_PROP_ON_OFF_AUTO +Bugzilla: 1555246 +RH-Acked-by: Alex Williamson +RH-Acked-by: Gerd Hoffmann +RH-Acked-by: Miroslav Rezanina + +Signed-off-by: Markus Armbruster +Reviewed-by: Marc-André Lureau + +(cherry picked from 55e8a154359be12ca4c9730c562d1e3d4b1bd2a1) + +Conflict: qemu-kvm does not have the json based framework to define +properties, so using the exting enum based framework here. + +Signed-off-by: Miroslav Rezanina +--- + hw/core/qdev-properties.c | 17 +++++++++++++++++ + include/hw/qdev-properties.h | 3 +++ + include/qemu-common.h | 7 +++++++ + 3 files changed, 27 insertions(+) + +diff --git a/hw/core/qdev-properties.c b/hw/core/qdev-properties.c +index a61250e..71ba10e 100644 +--- a/hw/core/qdev-properties.c ++++ b/hw/core/qdev-properties.c +@@ -568,6 +568,23 @@ PropertyInfo qdev_prop_macaddr = { + .set = set_mac, + }; + ++/* --- on/off/auto --- */ ++static const char *on_off_auto_table[ON_OFF_AUTO_MAX+1] = { ++ [ON_OFF_AUTO_AUTO] = "auto", ++ [ON_OFF_AUTO_ON] = "on", ++ [ON_OFF_AUTO_OFF] = "off", ++ [ON_OFF_AUTO_MAX] = NULL, ++}; ++ ++PropertyInfo qdev_prop_on_off_auto = { ++ .name = "OnOffAuto", ++ .enum_table = on_off_auto_table, ++ .get = get_enum, ++ .set = set_enum, ++}; ++ ++QEMU_BUILD_BUG_ON(sizeof(OnOffAuto) != sizeof(int)); ++ + /* --- lost tick policy --- */ + + static const char *lost_tick_policy_table[LOST_TICK_MAX+1] = { +diff --git a/include/hw/qdev-properties.h b/include/hw/qdev-properties.h +index 77c6f7c..90eaf8f 100644 +--- a/include/hw/qdev-properties.h ++++ 
b/include/hw/qdev-properties.h +@@ -20,6 +20,7 @@ extern PropertyInfo qdev_prop_string; + extern PropertyInfo qdev_prop_chr; + extern PropertyInfo qdev_prop_ptr; + extern PropertyInfo qdev_prop_macaddr; ++extern PropertyInfo qdev_prop_on_off_auto; + extern PropertyInfo qdev_prop_losttickpolicy; + extern PropertyInfo qdev_prop_bios_chs_trans; + extern PropertyInfo qdev_prop_drive; +@@ -153,6 +154,8 @@ extern PropertyInfo qdev_prop_arraylen; + DEFINE_PROP(_n, _s, _f, qdev_prop_drive, BlockDriverState *) + #define DEFINE_PROP_MACADDR(_n, _s, _f) \ + DEFINE_PROP(_n, _s, _f, qdev_prop_macaddr, MACAddr) ++#define DEFINE_PROP_ON_OFF_AUTO(_n, _s, _f, _d) \ ++ DEFINE_PROP_DEFAULT(_n, _s, _f, _d, qdev_prop_on_off_auto, OnOffAuto) + #define DEFINE_PROP_LOSTTICKPOLICY(_n, _s, _f, _d) \ + DEFINE_PROP_DEFAULT(_n, _s, _f, _d, qdev_prop_losttickpolicy, \ + LostTickPolicy) +diff --git a/include/qemu-common.h b/include/qemu-common.h +index 4569d52..d0c74e3 100644 +--- a/include/qemu-common.h ++++ b/include/qemu-common.h +@@ -258,6 +258,13 @@ typedef int (*DMA_transfer_handler) (void *opaque, int nchan, int pos, int size) + + typedef uint64_t pcibus_t; + ++typedef enum OnOffAuto { ++ ON_OFF_AUTO_AUTO, ++ ON_OFF_AUTO_ON, ++ ON_OFF_AUTO_OFF, ++ ON_OFF_AUTO_MAX, ++} OnOffAuto; ++ + typedef enum LostTickPolicy { + LOST_TICK_DISCARD, + LOST_TICK_DELAY, +-- +1.8.3.1 + diff --git a/SOURCES/kvm-scsi-disk-support-reporting-of-rotation-rate.patch b/SOURCES/kvm-scsi-disk-support-reporting-of-rotation-rate.patch new file mode 100644 index 0000000..02733ca --- /dev/null +++ b/SOURCES/kvm-scsi-disk-support-reporting-of-rotation-rate.patch 
@@ -0,0 +1,103 @@ +From 04ab93423b97ab5bc175032e0e4e1da288840805 Mon Sep 17 00:00:00 2001 +From: John Snow +Date: Thu, 2 Aug 2018 15:53:34 +0200 +Subject: [PATCH 1/4] scsi-disk: support reporting of rotation rate + +RH-Author: John Snow +Message-id: <20180802155336.10347-2-jsnow@redhat.com> +Patchwork-id: 81613 +O-Subject: [RHEL-7.6 qemu-kvm PATCH 1/3] scsi-disk: support reporting of rotation rate +Bugzilla: 1583807 +RH-Acked-by: Daniel P. Berrange +RH-Acked-by: Laszlo Ersek +RH-Acked-by: Thomas Huth + +From: "Daniel P. Berrange" + +The Linux kernel will query the SCSI "Block device characteristics" +VPD to determine the rotations per minute of the disk. If this has +the value 1, it is taken to be an SSD and so Linux sets the +'rotational' flag to 0 for the I/O queue and will stop using that +disk as a source of random entropy. Other operating systems may +also take into account rotation rate when setting up default +behaviour. + +Mgmt apps should be able to set the rotation rate for virtualized +block devices, based on characteristics of the host storage in use, +so that the guest OS gets sensible behaviour out of the box. This +patch thus adds a 'rotation-rate' parameter for 'scsi-hd' and +'scsi-block' device types. For the latter, this parameter will be +ignored unless the host device has TYPE_DISK. + +Signed-off-by: Daniel P. 
Berrange +Message-Id: <20171004114008.14849-2-berrange@redhat.com> +Signed-off-by: Paolo Bonzini +(cherry picked from commit 070f80095ad5b1143b50d2faffd2b1a84292e00d) +Signed-off-by: John Snow +Signed-off-by: Miroslav Rezanina +--- + hw/scsi/scsi-disk.c | 20 ++++++++++++++++++++ + 1 file changed, 20 insertions(+) + +diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c +index 8a8b0ab..911c7b7 100644 +--- a/hw/scsi/scsi-disk.c ++++ b/hw/scsi/scsi-disk.c +@@ -83,6 +83,14 @@ struct SCSIDiskState + char *product; + bool tray_open; + bool tray_locked; ++ /* ++ * 0x0000 - rotation rate not reported ++ * 0x0001 - non-rotating medium (SSD) ++ * 0x0002-0x0400 - reserved ++ * 0x0401-0xffe - rotations per minute ++ * 0xffff - reserved ++ */ ++ uint16_t rotation_rate; + }; + + static int scsi_handle_rw_error(SCSIDiskReq *r, int error); +@@ -565,6 +573,7 @@ static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf) + outbuf[buflen++] = 0x83; // device identification + if (s->qdev.type == TYPE_DISK) { + outbuf[buflen++] = 0xb0; // block limits ++ outbuf[buflen++] = 0xb1; /* block device characteristics */ + outbuf[buflen++] = 0xb2; // thin provisioning + } + break; +@@ -670,6 +679,15 @@ static int scsi_disk_emulate_inquiry(SCSIRequest *req, uint8_t *outbuf) + outbuf[31] = unmap_sectors & 0xff; + break; + } ++ case 0xb1: /* block device characteristics */ ++ { ++ buflen = 8; ++ outbuf[4] = (s->rotation_rate >> 8) & 0xff; ++ outbuf[5] = s->rotation_rate & 0xff; ++ outbuf[6] = 0; ++ outbuf[7] = 0; ++ break; ++ } + case 0xb2: /* thin provisioning */ + { + buflen = 8; +@@ -2543,6 +2561,7 @@ static Property scsi_hd_properties[] = { + DEFINE_PROP_HEX64("wwn", SCSIDiskState, wwn, 0), + DEFINE_PROP_UINT64("max_unmap_size", SCSIDiskState, max_unmap_size, + DEFAULT_MAX_UNMAP_SIZE), ++ DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0), + DEFINE_BLOCK_CHS_PROPERTIES(SCSIDiskState, qdev.conf), + DEFINE_PROP_END_OF_LIST(), + }; +@@ -2619,6 +2638,7 @@ static 
const TypeInfo scsi_cd_info = { + static Property scsi_block_properties[] = { + DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.bs), + DEFINE_PROP_INT32("bootindex", SCSIDiskState, qdev.conf.bootindex, -1), ++ DEFINE_PROP_UINT16("rotation_rate", SCSIDiskState, rotation_rate, 0), + DEFINE_PROP_END_OF_LIST(), + }; + +-- +1.8.3.1 + diff --git a/SOURCES/kvm-slirp-Correct-size-check-in-m_inc.patch b/SOURCES/kvm-slirp-Correct-size-check-in-m_inc.patch new file mode 100644 index 0000000..6d9514b --- /dev/null +++ b/SOURCES/kvm-slirp-Correct-size-check-in-m_inc.patch 
@@ -0,0 +1,76 @@ +From b25ccac372f3289d7b0b5500064fe0a38eb32d6f Mon Sep 17 00:00:00 2001 +From: Xiao Wang +Date: Wed, 8 Aug 2018 08:44:36 +0200 +Subject: [PATCH 4/4] slirp: Correct size check in m_inc() + +RH-Author: Xiao Wang +Message-id: <1533717876-2330-1-git-send-email-jasowang@redhat.com> +Patchwork-id: 81676 +O-Subject: [RHEL-7.6/7.5z qemu-kvm PATCH] slirp: Correct size check in m_inc() +Bugzilla: 1586253 +RH-Acked-by: Dr. David Alan Gilbert +RH-Acked-by: wexu@redhat.com +RH-Acked-by: Thomas Huth + +From: Peter Maydell + +Notes: +- Conflict since we lacks 6da5de1ee87e ("slirp: reformat m_inc + routine"), and its backport has various other dependicies. +- This is a fixup for CVE-2018-11806 fix + +The data in an mbuf buffer is not necessarily at the start of the +allocated buffer. (For instance m_adj() allows data to be trimmed +from the start by just advancing the pointer and reducing the length.) +This means that the allocated buffer size (m->m_size) and the +amount of space from the m_data pointer to the end of the +buffer (M_ROOM(m)) are not necessarily the same. + +Commit 864036e251f54c9 tried to change the m_inc() function from +taking the new allocated-buffer-size to taking the new room-size, +but forgot to change the initial "do we already have enough space" +check. This meant that if we were trying to extend a buffer which +had a leading gap between the buffer start and the data, we might +incorrectly decide it didn't need to be extended, and then +overrun the end of the buffer, causing memory corruption and +an eventual crash. + +Change the "already big enough?" condition from checking the +argument against m->m_size to checking against M_ROOM(). +This only makes a difference for the callsite in m_cat(); +the other three callsites all start with a freshly allocated +mbuf from m_get(), which will have m->m_size == M_ROOM(m). 
+ +Fixes: 864036e251f54c9 +Fixes: https://bugs.launchpad.net/qemu/+bug/1785670 +Signed-off-by: Peter Maydell +Reviewed-by: Samuel Thibault +Message-id: 20180807114501.12370-1-peter.maydell@linaro.org +Tested-by: Dr. David Alan Gilbert +(cherry picked from commit c22098c74a09164797fae6511c5eaf68f32c4dd8) +Signed-off-by: Jason Wang +Signed-off-by: Miroslav Rezanina +--- + slirp/mbuf.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/slirp/mbuf.c b/slirp/mbuf.c +index ced2033..63f071f 100644 +--- a/slirp/mbuf.c ++++ b/slirp/mbuf.c +@@ -154,8 +154,10 @@ m_inc(struct mbuf *m, int size) + { + int datasize; + +- /* some compiles throw up on gotos. This one we can fake. */ +- if(m->m_size>size) return; ++ /* some compilers throw up on gotos. This one we can fake. */ ++ if (M_ROOM(m) > size) { ++ return; ++ } + + if (m->m_flags & M_EXT) { + datasize = m->m_data - m->m_ext; +-- +1.8.3.1 + diff --git a/SOURCES/kvm-slirp-correct-size-computation-while-concatenating-m.patch b/SOURCES/kvm-slirp-correct-size-computation-while-concatenating-m.patch index ab1a661..af506aa 100644 --- a/SOURCES/kvm-slirp-correct-size-computation-while-concatenating-m.patch +++ b/SOURCES/kvm-slirp-correct-size-computation-while-concatenating-m.patch @@ -1,4 +1,4 @@ -From 58416c6786fa972314cb699a7df28d8c09268f03 Mon Sep 17 00:00:00 2001 +From 2c90d2f3ad8d299df7df7c055c66fa6711397f4a Mon Sep 17 00:00:00 2001 From: Xiao Wang Date: Mon, 30 Jul 2018 06:31:57 +0200 Subject: [PATCH 8/8] slirp: correct size computation while concatenating mbuf @@ -7,7 +7,7 @@ RH-Author: Xiao Wang Message-id: <1532932317-6100-3-git-send-email-jasowang@redhat.com> Patchwork-id: 81543 O-Subject: [RHEL7.6/7.5.z qemu-kvm PATCH 2/2] slirp: correct size computation while concatenating mbuf -Bugzilla: 1586248 +Bugzilla: 1586253 RH-Acked-by: wexu@redhat.com RH-Acked-by: Stefan Hajnoczi RH-Acked-by: Michael S. Tsirkin 
diff --git a/SOURCES/kvm-slirp-remove-mbuf-m_hdr-m_dat-indirection.patch b/SOURCES/kvm-slirp-remove-mbuf-m_hdr-m_dat-indirection.patch index f55b4f2..39862cf 100644 --- a/SOURCES/kvm-slirp-remove-mbuf-m_hdr-m_dat-indirection.patch +++ b/SOURCES/kvm-slirp-remove-mbuf-m_hdr-m_dat-indirection.patch @@ -1,4 +1,4 @@ -From 07fe03ab45fdc201fdfdd8e45809c86dbd0ab116 Mon Sep 17 00:00:00 2001 +From aac430f476746c628665b96d2ef520a4fc88ca67 Mon Sep 17 00:00:00 2001 From: Xiao Wang Date: Mon, 30 Jul 2018 06:31:56 +0200 Subject: [PATCH 7/8] slirp: remove mbuf(m_hdr, m_dat) indirection @@ -7,7 +7,7 @@ RH-Author: Xiao Wang Message-id: <1532932317-6100-2-git-send-email-jasowang@redhat.com> Patchwork-id: 81542 O-Subject: [RHEL7.6/7.5.z qemu-kvm PATCH 1/2] slirp: remove mbuf(m_hdr, m_dat) indirection -Bugzilla: 1586248 +Bugzilla: 1586253 RH-Acked-by: wexu@redhat.com RH-Acked-by: Stefan Hajnoczi RH-Acked-by: Michael S. Tsirkin diff --git a/SOURCES/kvm-spice-fix-simple-display-on-bigendian-hosts.patch b/SOURCES/kvm-spice-fix-simple-display-on-bigendian-hosts.patch new file mode 100644 index 0000000..15f0bd1 --- /dev/null +++ b/SOURCES/kvm-spice-fix-simple-display-on-bigendian-hosts.patch 
@@ -0,0 +1,60 @@ +From b01048102e5cc91d484d23531799a130a49d723a Mon Sep 17 00:00:00 2001 +From: Tarun Gupta +Date: Wed, 20 Jun 2018 18:54:16 +0200 +Subject: [PATCH 08/17] spice: fix simple display on bigendian hosts + +RH-Author: Tarun Gupta +Message-id: <1529520865-18127-3-git-send-email-tgupta@redhat.com> +Patchwork-id: 80907 +O-Subject: [RHEL7.6 qemu-kvm PATCH v3 02/11] spice: fix simple display on bigendian hosts +Bugzilla: 1555246 +RH-Acked-by: Alex Williamson +RH-Acked-by: Gerd Hoffmann +RH-Acked-by: Miroslav Rezanina + +Denis Kirjanov is busy getting spice run on ppc64 and trapped into this +one. Spice wire format is little endian, so we have to explicitly say +we want little endian when letting pixman convert the data for us. + +Reported-by: Denis Kirjanov +Signed-off-by: Gerd Hoffmann + +(cherry picked from c1d37cd353be3ea4c5773fc227ba8459c1f20470) + +Signed-off-by: Miroslav Rezanina +--- + include/ui/qemu-pixman.h | 2 ++ + ui/spice-display.c | 2 +- + 2 files changed, 3 insertions(+), 1 deletion(-) + +diff --git a/include/ui/qemu-pixman.h b/include/ui/qemu-pixman.h +index ba970f8..500725c 100644 +--- a/include/ui/qemu-pixman.h ++++ b/include/ui/qemu-pixman.h +@@ -27,8 +27,10 @@ + + #ifdef HOST_WORDS_BIGENDIAN + # define PIXMAN_BE_r8g8b8 PIXMAN_r8g8b8 ++# define PIXMAN_LE_x8r8g8b8 PIXMAN_b8g8r8x8 + #else + # define PIXMAN_BE_r8g8b8 PIXMAN_b8g8r8 ++# define PIXMAN_LE_x8r8g8b8 PIXMAN_x8r8g8b8 + #endif + + /* -------------------------------------------------------------------- */ +diff --git a/ui/spice-display.c b/ui/spice-display.c +index e2c24a9..8b73e5a 100644 +--- a/ui/spice-display.c ++++ b/ui/spice-display.c +@@ -178,7 +178,7 @@ static void qemu_spice_create_one_update(SimpleSpiceDisplay *ssd, + image->bitmap.palette = 0; + image->bitmap.format = SPICE_BITMAP_FMT_32BIT; + +- dest = pixman_image_create_bits(PIXMAN_x8r8g8b8, bw, bh, ++ dest = pixman_image_create_bits(PIXMAN_LE_x8r8g8b8, bw, bh, + (void *)update->bitmap, bw * 4); + 
pixman_image_composite(PIXMAN_OP_SRC, ssd->surface, NULL, ssd->mirror, + rect->left, rect->top, 0, 0, +-- +1.8.3.1 + diff --git a/SOURCES/kvm-target-i386-Add-support-for-UMIP-and-RDPID-CPUID-bit.patch b/SOURCES/kvm-target-i386-Add-support-for-UMIP-and-RDPID-CPUID-bit.patch new file mode 100644 index 0000000..c0de457 --- /dev/null +++ b/SOURCES/kvm-target-i386-Add-support-for-UMIP-and-RDPID-CPUID-bit.patch 
@@ -0,0 +1,82 @@ +From 9349e4be5ecf8b70dfc36f6cad56297cd7aa5fc9 Mon Sep 17 00:00:00 2001 +From: "plai@redhat.com" +Date: Wed, 27 Jun 2018 07:53:07 +0200 +Subject: [PATCH 02/17] target-i386: Add support for UMIP and RDPID CPUID bits + +RH-Author: plai@redhat.com +Message-id: <1526495303-9837-1-git-send-email-plai@redhat.com> +Patchwork-id: 80372 +O-Subject: [RHEL7.6 PATCH BZ 1526638] target-i386: Add support for UMIP and RDPID CPUID bits +Bugzilla: 1526638 +RH-Acked-by: Eduardo Habkost +RH-Acked-by: Igor Mammedov +RH-Acked-by: Miroslav Rezanina + +From: Paolo Bonzini + +Tested by Intel OTC QA on icelake client hw. +Tested by Intel OTC Virtualization QA. Test Result: + XEN_UMIP_ENABLE : Check if UMIP has been enabled on the feature supported machine / PASS + XEN_UMIP_DISABLE: Verify if the UMIP can be turned off by boot. / PASS + XEN_UMIP_TEST : Check if the protection effect on the instructions of sgdt/sidt/sldt/smsw/str / PASS + XEN_UMIP_EX_TEST :Check if the protection effects on instruction of str, sldtand smsw for register and memory operands. /PASS + XEN_UMIP_TEST: Check if the protection effect on the instructions of sgdt/sidt/sldt/smsw/str / PASS + XEN_UMIP_EX_TEST: Check if the protection effects on instruction of str, sldtand smsw for register and memory operands / PASS + XEN_UMIP_LDT: Verify all the possible 32-bit address encodings / PASS + +These are both stored in CPUID[EAX=7,EBX=0].ECX. KVM is going to +be able to emulate both (albeit with a performance loss in the case +of RDPID, which therefore will be in KVM_GET_EMULATED_CPUID rather +than KVM_GET_SUPPORTED_CPUID). + +It's also possible to implement both in TCG, but this is for 2.8. 
+ +Signed-off-by: Paolo Bonzini +Signed-off-by: Eduardo Habkost +(cherry picked from commit c2f193b538032accb9db504998bf2ea7c0ef65af) +Signed-off-by: Paul Lai + +Resolved Conflicts: + target-i386/cpu.c +--- + target-i386/cpu.c | 4 ++-- + target-i386/cpu.h | 2 ++ + 2 files changed, 4 insertions(+), 2 deletions(-) + +diff --git a/target-i386/cpu.c b/target-i386/cpu.c +index 48a5507..0254747 100644 +--- a/target-i386/cpu.c ++++ b/target-i386/cpu.c +@@ -155,12 +155,12 @@ static const char *cpuid_7_0_ebx_feature_name[] = { + }; + + static const char *cpuid_7_0_ecx_feature_name[] = { +- NULL, "avx512vbmi", NULL, "pku", ++ NULL, "avx512vbmi", "umip", "pku", + "ospke", NULL, "avx512vbmi2", NULL, + "gfni", "vaes", "vpclmulqdq", "avx512vnni", + "avx512bitalg", NULL, "avx512-vpopcntdq", NULL, + NULL, NULL, NULL, NULL, +- NULL, NULL, NULL, NULL, ++ NULL, NULL, "rdpid", NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + }; +diff --git a/target-i386/cpu.h b/target-i386/cpu.h +index a781639..c72b545 100644 +--- a/target-i386/cpu.h ++++ b/target-i386/cpu.h +@@ -600,8 +600,10 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS]; + + #define CPUID_8000_0008_EBX_IBPB (1U << 12) /* Indirect Branch Prediction Barrier */ + ++#define CPUID_7_0_ECX_UMIP (1U << 2) + #define CPUID_7_0_ECX_PKU (1U << 3) + #define CPUID_7_0_ECX_OSPKE (1U << 4) ++#define CPUID_7_0_ECX_RDPID (1U << 22) + + #define CPUID_XSAVE_XSAVEOPT (1U << 0) + #define CPUID_XSAVE_XSAVEC (1U << 1) +-- +1.8.3.1 + diff --git a/SOURCES/kvm-target-i386-introduce-kvm_put_one_msr.patch b/SOURCES/kvm-target-i386-introduce-kvm_put_one_msr.patch index 406e6de..7751a52 100644 --- a/SOURCES/kvm-target-i386-introduce-kvm_put_one_msr.patch +++ b/SOURCES/kvm-target-i386-introduce-kvm_put_one_msr.patch 
@@ -1,23 +1,13 @@ -From 608f71fea5a9cc79483d0b66aa59cd652ee5bf9c Mon Sep 17 00:00:00 2001 -From: "Dr. David Alan Gilbert" -Date: Thu, 28 Jun 2018 17:57:06 +0200 -Subject: [PATCH 1/5] target-i386: introduce kvm_put_one_msr - -RH-Author: Dr. David Alan Gilbert -Message-id: <20180628175710.56848-2-dgilbert@redhat.com> -Patchwork-id: 81144 -O-Subject: [RHEL-7.5.z/RHEL-7.4.z/RHEL-7.3.z qemu-kvm PATCH 1/5] target-i386: introduce kvm_put_one_msr -Bugzilla: 1596302 -RH-Acked-by: Paolo Bonzini -RH-Acked-by: Laurent Vivier -RH-Acked-by: Michael S. Tsirkin - +From 596e3e7f77a1570aff586199e7bb34de0b4e0ba6 Mon Sep 17 00:00:00 2001 From: "Dr. David Alan Gilbert" +Date: Tue, 15 May 2018 11:56:30 +0200 +Subject: [PATCH 04/10] target-i386: introduce kvm_put_one_msr RH-Author: Dr. David Alan Gilbert Message-id: <20180515115634.24469-2-dgilbert@redhat.com> Patchwork-id: 80272 O-Subject: [RHEL-7.6 qemu-kvm PATCH v2 1/5] target-i386: introduce kvm_put_one_msr +Bugzilla: 1577680 RH-Acked-by: Paolo Bonzini RH-Acked-by: Michael S. Tsirkin RH-Acked-by: Eduardo Habkost @@ -37,17 +27,15 @@ Signed-off-by: Paolo Bonzini Signed-off-by: Dr. David Alan Gilbert Signed-off-by: Miroslav Rezanina -(cherry picked from commit 596e3e7f77a1570aff586199e7bb34de0b4e0ba6) -Signed-off-by: Miroslav Rezanina --- target-i386/kvm.c | 28 +++++++++++++++++++++------- 1 file changed, 21 insertions(+), 7 deletions(-) diff --git a/target-i386/kvm.c b/target-i386/kvm.c -index 656e24b..8544e52 100644 +index 24d17ad..6f3424e 100644 --- a/target-i386/kvm.c +++ b/target-i386/kvm.c -@@ -1141,24 +1141,38 @@ static void kvm_msr_entry_set(struct kvm_msr_entry *entry, +@@ -1136,24 +1136,38 @@ static void kvm_msr_entry_set(struct kvm_msr_entry *entry, entry->data = value; } diff --git a/SOURCES/kvm-ui-pixman-add-qemu_drm_format_to_pixman.patch b/SOURCES/kvm-ui-pixman-add-qemu_drm_format_to_pixman.patch new file mode 100644 index 0000000..ce1bb52 --- /dev/null +++ b/SOURCES/kvm-ui-pixman-add-qemu_drm_format_to_pixman.patch 
@@ -0,0 +1,91 @@ +From df989559119707094b17269d025bcdf83df765f1 Mon Sep 17 00:00:00 2001 +From: Tarun Gupta +Date: Wed, 20 Jun 2018 18:54:17 +0200 +Subject: [PATCH 09/17] ui/pixman: add qemu_drm_format_to_pixman() + +RH-Author: Tarun Gupta +Message-id: <1529520865-18127-4-git-send-email-tgupta@redhat.com> +Patchwork-id: 80911 +O-Subject: [RHEL7.6 qemu-kvm PATCH v3 03/11] ui/pixman: add qemu_drm_format_to_pixman() +Bugzilla: 1555246 +RH-Acked-by: Alex Williamson +RH-Acked-by: Gerd Hoffmann +RH-Acked-by: Miroslav Rezanina + +Map drm fourcc codes to pixman formats. + +Signed-off-by: Gerd Hoffmann +Reviewed by: Kirti Wankhede +Signed-off-by: Alex Williamson + +(cherry picked from a5127bd73f77b90b50d63014be10cef467c1c3f9) + +Signed-off-by: Miroslav Rezanina +--- + include/ui/qemu-pixman.h | 6 ++++++ + ui/qemu-pixman.c | 22 ++++++++++++++++++++++ + 2 files changed, 28 insertions(+) + +diff --git a/include/ui/qemu-pixman.h b/include/ui/qemu-pixman.h +index 500725c..8deb008 100644 +--- a/include/ui/qemu-pixman.h ++++ b/include/ui/qemu-pixman.h +@@ -27,9 +27,13 @@ + + #ifdef HOST_WORDS_BIGENDIAN + # define PIXMAN_BE_r8g8b8 PIXMAN_r8g8b8 ++# define PIXMAN_LE_r8g8b8 PIXMAN_b8g8r8 ++# define PIXMAN_LE_a8r8g8b8 PIXMAN_b8g8r8a8 + # define PIXMAN_LE_x8r8g8b8 PIXMAN_b8g8r8x8 + #else + # define PIXMAN_BE_r8g8b8 PIXMAN_b8g8r8 ++# define PIXMAN_LE_r8g8b8 PIXMAN_r8g8b8 ++# define PIXMAN_LE_a8r8g8b8 PIXMAN_a8r8g8b8 + # define PIXMAN_LE_x8r8g8b8 PIXMAN_x8r8g8b8 + #endif + +@@ -46,6 +50,8 @@ pixman_image_t *qemu_pixman_mirror_create(pixman_format_code_t format, + pixman_image_t *image); + void qemu_pixman_image_unref(pixman_image_t *image); + ++pixman_format_code_t qemu_drm_format_to_pixman(uint32_t drm_format); ++ + pixman_color_t qemu_pixman_color(PixelFormat *pf, uint32_t color); + pixman_image_t *qemu_pixman_glyph_from_vgafont(int height, const uint8_t *font, + unsigned int ch); +diff --git a/ui/qemu-pixman.c b/ui/qemu-pixman.c +index 254bd8c..4be422c 100644 +--- a/ui/qemu-pixman.c 
++++ b/ui/qemu-pixman.c +@@ -5,6 +5,28 @@ + + #include "qemu-common.h" + #include "ui/console.h" ++#include "drm_fourcc.h" ++ ++/* Note: drm is little endian, pixman is native endian */ ++pixman_format_code_t qemu_drm_format_to_pixman(uint32_t drm_format) ++{ ++ static const struct { ++ uint32_t drm_format; ++ pixman_format_code_t pixman; ++ } map[] = { ++ { DRM_FORMAT_RGB888, PIXMAN_LE_r8g8b8 }, ++ { DRM_FORMAT_ARGB8888, PIXMAN_LE_a8r8g8b8 }, ++ { DRM_FORMAT_XRGB8888, PIXMAN_LE_x8r8g8b8 } ++ }; ++ int i; ++ ++ for (i = 0; i < ARRAY_SIZE(map); i++) { ++ if (drm_format == map[i].drm_format) { ++ return map[i].pixman; ++ } ++ } ++ return 0; ++} + + int qemu_pixman_get_type(int rshift, int gshift, int bshift) + { +-- +1.8.3.1 + diff --git a/SOURCES/kvm-vfio-common-cleanup-in-vfio_region_finalize.patch b/SOURCES/kvm-vfio-common-cleanup-in-vfio_region_finalize.patch new file mode 100644 index 0000000..ffdc163 --- /dev/null +++ b/SOURCES/kvm-vfio-common-cleanup-in-vfio_region_finalize.patch 
@@ -0,0 +1,46 @@ +From b79ac72e8192d3f1036a7027ffed668399183be5 Mon Sep 17 00:00:00 2001 +From: Tarun Gupta +Date: Wed, 20 Jun 2018 18:54:20 +0200 +Subject: [PATCH 12/17] vfio/common: cleanup in vfio_region_finalize + +RH-Author: Tarun Gupta +Message-id: <1529520865-18127-7-git-send-email-tgupta@redhat.com> +Patchwork-id: 80910 +O-Subject: [RHEL7.6 qemu-kvm PATCH v3 06/11] vfio/common: cleanup in vfio_region_finalize +Bugzilla: 1555246 +RH-Acked-by: Alex Williamson +RH-Acked-by: Gerd Hoffmann +RH-Acked-by: Miroslav Rezanina + +Signed-off-by: Gerd Hoffmann +Reviewed by: Kirti Wankhede +Signed-off-by: Alex Williamson + +(cherry picked from 92f86bff088dc6f0c0ed93b8e82d4d2459c35145) + +Signed-off-by: Miroslav Rezanina +--- + hw/misc/vfio.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/hw/misc/vfio.c b/hw/misc/vfio.c +index 68ff949..414b689 100644 +--- a/hw/misc/vfio.c ++++ b/hw/misc/vfio.c +@@ -2798,6 +2798,13 @@ static void vfio_region_finalize(VFIORegion *region) + g_free(region->mmaps); + + trace_vfio_region_finalize(region->vbasedev->name, region->nr); ++ ++ region->mem = NULL; ++ region->mmaps = NULL; ++ region->nr_mmaps = 0; ++ region->size = 0; ++ region->flags = 0; ++ region->nr = 0; + } + + static void vfio_region_mmaps_set_enabled(VFIORegion *region, bool enabled) +-- +1.8.3.1 + diff --git a/SOURCES/kvm-vfio-display-adding-region-support.patch b/SOURCES/kvm-vfio-display-adding-region-support.patch new file mode 100644 index 0000000..024187c --- /dev/null +++ b/SOURCES/kvm-vfio-display-adding-region-support.patch 
@@ -0,0 +1,205 @@ +From 8635eaec9dd5152d94e2cd98056b80879357cf56 Mon Sep 17 00:00:00 2001 +From: Tarun Gupta +Date: Wed, 20 Jun 2018 18:54:24 +0200 +Subject: [PATCH 16/17] vfio/display: adding region support + +RH-Author: Tarun Gupta +Message-id: <1529520865-18127-11-git-send-email-tgupta@redhat.com> +Patchwork-id: 80912 +O-Subject: [RHEL7.6 qemu-kvm PATCH v3 10/11] vfio/display: adding region support +Bugzilla: 1555246 +RH-Acked-by: Alex Williamson +RH-Acked-by: Gerd Hoffmann +RH-Acked-by: Miroslav Rezanina + +Wire up region-based display. + +Signed-off-by: Gerd Hoffmann +Reviewed By: Kirti Wankhede +Signed-off-by: Alex Williamson + +(cherry picked from 00195ba710a004af02a711239324d7137f0b189a) + +Bugzilla: https://bugzilla.redhat.com/1555246 +Signed-off-by: Miroslav Rezanina + +Conflicts: + qemu_create_displaysurface_from() function in qemu-kvm does not + have "format" argument. It instead has the "bpp" and "byteswap" + argument. + + graphic_console_init() function in qemu-kvm does not have the + "head" argument +--- + hw/misc/vfio.c | 127 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++- + 1 file changed, 125 insertions(+), 2 deletions(-) + +diff --git a/hw/misc/vfio.c b/hw/misc/vfio.c +index 22d5cac..dd3efb3 100644 +--- a/hw/misc/vfio.c ++++ b/hw/misc/vfio.c +@@ -211,6 +211,14 @@ struct VFIODeviceOps { + void (*vfio_eoi)(VFIODevice *vdev); + }; + ++typedef struct VFIODisplay { ++ QemuConsole *con; ++ struct { ++ VFIORegion buffer; ++ DisplaySurface *surface; ++ } region; ++} VFIODisplay; ++ + typedef struct VFIOPCIDevice { + PCIDevice pdev; + VFIODevice vbasedev; +@@ -245,6 +253,7 @@ typedef struct VFIOPCIDevice { + bool has_flr; + bool has_pm_reset; + bool rom_read_failed; ++ VFIODisplay *dpy; + } VFIOPCIDevice; + + typedef struct VFIOGroup { +@@ -2762,6 +2771,114 @@ static int vfio_region_mmap(VFIORegion *region) + return 0; + } + ++/* ---------------------------------------------------------------------- */ ++ ++static void 
vfio_display_region_update(void *opaque) ++{ ++ VFIOPCIDevice *vdev = opaque; ++ VFIODisplay *dpy = vdev->dpy; ++ struct vfio_device_gfx_plane_info plane = { ++ .argsz = sizeof(plane), ++ .flags = VFIO_GFX_PLANE_TYPE_REGION ++ }; ++ pixman_format_code_t format; ++ int ret; ++ ++ ret = ioctl(vdev->vbasedev.fd, VFIO_DEVICE_QUERY_GFX_PLANE, &plane); ++ if (ret < 0) { ++ error_report("ioctl VFIO_DEVICE_QUERY_GFX_PLANE: %s", ++ strerror(errno)); ++ return; ++ } ++ if (!plane.drm_format || !plane.size) { ++ return; ++ } ++ format = qemu_drm_format_to_pixman(plane.drm_format); ++ if (!format) { ++ return; ++ } ++ ++ if (dpy->region.buffer.size && ++ dpy->region.buffer.nr != plane.region_index) { ++ /* region changed */ ++ vfio_region_exit(&dpy->region.buffer); ++ vfio_region_finalize(&dpy->region.buffer); ++ dpy->region.surface = NULL; ++ } ++ ++ if (dpy->region.surface && ++ (surface_width(dpy->region.surface) != plane.width || ++ surface_height(dpy->region.surface) != plane.height || ++ dpy->region.surface->format != format)) { ++ /* size changed */ ++ dpy->region.surface = NULL; ++ } ++ ++ if (!dpy->region.buffer.size) { ++ /* mmap region */ ++ ret = vfio_region_setup(OBJECT(vdev), &vdev->vbasedev, ++ &dpy->region.buffer, ++ plane.region_index, ++ "display"); ++ if (ret != 0) { ++ error_report("%s: vfio_region_setup(%d): %s", ++ __func__, plane.region_index, strerror(-ret)); ++ goto err; ++ } ++ ret = vfio_region_mmap(&dpy->region.buffer); ++ if (ret != 0) { ++ error_report("%s: vfio_region_mmap(%d): %s", __func__, ++ plane.region_index, strerror(-ret)); ++ goto err; ++ } ++ assert(dpy->region.buffer.mmaps[0].mmap != NULL); ++ } ++ ++ if (dpy->region.surface == NULL) { ++ int bpp = PIXMAN_FORMAT_BPP(format); ++ /* create surface */ ++ dpy->region.surface = qemu_create_displaysurface_from ++ (plane.width, plane.height, bpp, ++ plane.stride, dpy->region.buffer.mmaps[0].mmap, false); ++ dpy_gfx_replace_surface(dpy->con, dpy->region.surface); ++ } ++ ++ /* full screen 
update */ ++ dpy_gfx_update(dpy->con, 0, 0, ++ surface_width(dpy->region.surface), ++ surface_height(dpy->region.surface)); ++ return; ++ ++err: ++ vfio_region_exit(&dpy->region.buffer); ++ vfio_region_finalize(&dpy->region.buffer); ++} ++ ++static const GraphicHwOps vfio_display_region_ops = { ++ .gfx_update = vfio_display_region_update, ++}; ++ ++static int vfio_display_region_init(VFIOPCIDevice *vdev) ++{ ++ vdev->dpy = g_new0(VFIODisplay, 1); ++ vdev->dpy->con = graphic_console_init(DEVICE(vdev), ++ &vfio_display_region_ops, ++ vdev); ++ return 0; ++} ++ ++static void vfio_display_region_exit(VFIODisplay *dpy) ++{ ++ if (!dpy->region.buffer.size) { ++ return; ++ } ++ ++ vfio_region_exit(&dpy->region.buffer); ++ vfio_region_finalize(&dpy->region.buffer); ++} ++ ++/* ---------------------------------------------------------------------- */ ++ + static int vfio_display_probe(VFIOPCIDevice *vdev) + { + struct vfio_device_gfx_plane_info probe; +@@ -2772,8 +2889,7 @@ static int vfio_display_probe(VFIOPCIDevice *vdev) + probe.flags = VFIO_GFX_PLANE_TYPE_PROBE | VFIO_GFX_PLANE_TYPE_REGION; + ret = ioctl(vdev->vbasedev.fd, VFIO_DEVICE_QUERY_GFX_PLANE, &probe); + if (ret == 0) { +- error_report("vfio-display: region support not implemented yet"); +- return -1; ++ return vfio_display_region_init(vdev); + } + + if (vdev->display == ON_OFF_AUTO_AUTO) { +@@ -2787,6 +2903,13 @@ static int vfio_display_probe(VFIOPCIDevice *vdev) + + static void vfio_display_finalize(VFIOPCIDevice *vdev) + { ++ if (!vdev->dpy) { ++ return; ++ } ++ ++ graphic_console_close(vdev->dpy->con); ++ vfio_display_region_exit(vdev->dpy); ++ g_free(vdev->dpy); + } + + static void vfio_region_exit(VFIORegion *region) +-- +1.8.3.1 + diff --git a/SOURCES/kvm-vfio-display-core-wireup.patch b/SOURCES/kvm-vfio-display-core-wireup.patch new file mode 100644 index 0000000..45e8b6e --- /dev/null +++ b/SOURCES/kvm-vfio-display-core-wireup.patch 
@@ -0,0 +1,117 @@ +From 5a0718f03d4da66682d5580e156c6cf4b8005891 Mon Sep 17 00:00:00 2001 +From: Tarun Gupta +Date: Wed, 20 Jun 2018 18:54:23 +0200 +Subject: [PATCH 15/17] vfio/display: core & wireup + +RH-Author: Tarun Gupta +Message-id: <1529520865-18127-10-git-send-email-tgupta@redhat.com> +Patchwork-id: 80918 +O-Subject: [RHEL7.6 qemu-kvm PATCH v3 09/11] vfio/display: core & wireup +Bugzilla: 1555246 +RH-Acked-by: Alex Williamson +RH-Acked-by: Gerd Hoffmann +RH-Acked-by: Miroslav Rezanina + +nfrastructure for display support. Must be enabled +using 'display' property. + +Signed-off-by: Gerd Hoffmann +Reviewed By: Kirti Wankhede +Signed-off-by: Alex Williamson + +(cherry picked from a9994687cb9b5f72399398a0985419f4d2b95dc5) + +Signed-off-by: Miroslav Rezanina +--- + hw/misc/vfio.c | 40 ++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 40 insertions(+) + +diff --git a/hw/misc/vfio.c b/hw/misc/vfio.c +index 414b689..22d5cac 100644 +--- a/hw/misc/vfio.c ++++ b/hw/misc/vfio.c +@@ -40,6 +40,7 @@ + #include "sysemu/kvm.h" + #include "sysemu/sysemu.h" + #include "trace.h" ++#include "ui/console.h" + + /* #define DEBUG_VFIO */ + #ifdef DEBUG_VFIO +@@ -235,6 +236,7 @@ typedef struct VFIOPCIDevice { + #define VFIO_FEATURE_ENABLE_VGA (1 << VFIO_FEATURE_ENABLE_VGA_BIT) + #define VFIO_FEATURE_ENABLE_REQ_BIT 1 + #define VFIO_FEATURE_ENABLE_REQ (1 << VFIO_FEATURE_ENABLE_REQ_BIT) ++ OnOffAuto display; + int32_t bootindex; + uint8_t pm_cap; + bool has_vga; +@@ -2760,6 +2762,33 @@ static int vfio_region_mmap(VFIORegion *region) + return 0; + } + ++static int vfio_display_probe(VFIOPCIDevice *vdev) ++{ ++ struct vfio_device_gfx_plane_info probe; ++ int ret; ++ ++ memset(&probe, 0, sizeof(probe)); ++ probe.argsz = sizeof(probe); ++ probe.flags = VFIO_GFX_PLANE_TYPE_PROBE | VFIO_GFX_PLANE_TYPE_REGION; ++ ret = ioctl(vdev->vbasedev.fd, VFIO_DEVICE_QUERY_GFX_PLANE, &probe); ++ if (ret == 0) { ++ error_report("vfio-display: region support not implemented yet"); ++ return -1; 
++ } ++ ++ if (vdev->display == ON_OFF_AUTO_AUTO) { ++ /* not an error in automatic mode */ ++ return 0; ++ } ++ ++ error_report("vfio: device doesn't support any (known) display method"); ++ return -1; ++} ++ ++static void vfio_display_finalize(VFIOPCIDevice *vdev) ++{ ++} ++ + static void vfio_region_exit(VFIORegion *region) + { + int i; +@@ -4232,6 +4261,14 @@ static int vfio_initfn(PCIDevice *pdev) + } + + add_boot_device_path(vdev->bootindex, &pdev->qdev, NULL); ++ ++ if (vdev->display != ON_OFF_AUTO_OFF) { ++ ret = vfio_display_probe(vdev); ++ if (ret) { ++ goto out_teardown; ++ } ++ } ++ + vfio_register_err_notifier(vdev); + vfio_register_req_notifier(vdev); + +@@ -4261,6 +4298,7 @@ static void vfio_exitfn(PCIDevice *pdev) + qemu_free_timer(vdev->intx.mmap_timer); + } + vfio_teardown_msi(vdev); ++ vfio_display_finalize(vdev); + vfio_unmap_bars(vdev); + g_free(vdev->emulated_config_bits); + g_free(vdev->rom); +@@ -4313,6 +4351,8 @@ static void vfio_instance_init(Object *obj) + static Property vfio_pci_dev_properties[] = { + DEFINE_PROP_PCI_HOST_DEVADDR("host", VFIOPCIDevice, host), + DEFINE_PROP_STRING("sysfsdev", VFIOPCIDevice, vbasedev.sysfsdev), ++ DEFINE_PROP_ON_OFF_AUTO("display", VFIOPCIDevice, ++ display, ON_OFF_AUTO_AUTO), + DEFINE_PROP_UINT32("x-intx-mmap-timeout-ms", VFIOPCIDevice, + intx.mmap_timeout, 1100), + DEFINE_PROP_BIT("x-vga", VFIOPCIDevice, features, +-- +1.8.3.1 + diff --git a/SOURCES/kvm-vfio-pci-Default-display-option-to-off.patch b/SOURCES/kvm-vfio-pci-Default-display-option-to-off.patch new file mode 100644 index 0000000..7997e43 --- /dev/null +++ b/SOURCES/kvm-vfio-pci-Default-display-option-to-off.patch 
@@ -0,0 +1,48 @@ +From 24d5cb5f451e6e41456e5967d326fa51c844b22f Mon Sep 17 00:00:00 2001 +From: Tarun Gupta +Date: Wed, 20 Jun 2018 18:54:25 +0200 +Subject: [PATCH 17/17] vfio/pci: Default display option to "off" + +RH-Author: Tarun Gupta +Message-id: <1529520865-18127-12-git-send-email-tgupta@redhat.com> +Patchwork-id: 80917 +O-Subject: [RHEL7.6 qemu-kvm PATCH v3 11/11] vfio/pci: Default display option to "off" +Bugzilla: 1555246 +RH-Acked-by: Alex Williamson +RH-Acked-by: Gerd Hoffmann +RH-Acked-by: Miroslav Rezanina + +Commit a9994687cb9b ("vfio/display: core & wireup") added display +support to vfio-pci with the default being "auto", which breaks +existing VMs when the vGPU requires GL support but had no previous +requirement for a GL compatible configuration. "Off" is the safer +default as we impose no new requirements to VM configurations. + +Fixes: a9994687cb9b ("vfio/display: core & wireup") + +Signed-off-by: Alex Williamson + +(cherry picked from upstream qemu +8151a9c56d31eeeea872b8103c8b86d03c411667) + +Signed-off-by: Miroslav Rezanina +--- + hw/misc/vfio.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/misc/vfio.c b/hw/misc/vfio.c +index dd3efb3..f91eecb 100644 +--- a/hw/misc/vfio.c ++++ b/hw/misc/vfio.c +@@ -4475,7 +4475,7 @@ static Property vfio_pci_dev_properties[] = { + DEFINE_PROP_PCI_HOST_DEVADDR("host", VFIOPCIDevice, host), + DEFINE_PROP_STRING("sysfsdev", VFIOPCIDevice, vbasedev.sysfsdev), + DEFINE_PROP_ON_OFF_AUTO("display", VFIOPCIDevice, +- display, ON_OFF_AUTO_AUTO), ++ display, ON_OFF_AUTO_OFF), + DEFINE_PROP_UINT32("x-intx-mmap-timeout-ms", VFIOPCIDevice, + intx.mmap_timeout, 1100), + DEFINE_PROP_BIT("x-vga", VFIOPCIDevice, features, +-- +1.8.3.1 + diff --git a/SOURCES/kvm-vga-add-ram_addr_t-cast.patch b/SOURCES/kvm-vga-add-ram_addr_t-cast.patch index bc09fa1..0a614ab 100644 --- a/SOURCES/kvm-vga-add-ram_addr_t-cast.patch +++ b/SOURCES/kvm-vga-add-ram_addr_t-cast.patch 
@@ -1,13 +1,13 @@ -From 793f93597e16bbe37da8b0e884f9f17d1790b99a Mon Sep 17 00:00:00 2001 +From c7db4596ac0794d7feaea30fcc5f3a05aa7210c3 Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Mon, 9 Apr 2018 13:27:35 +0200 -Subject: [PATCH 1/2] vga: add ram_addr_t cast +Subject: [PATCH 01/10] vga: add ram_addr_t cast RH-Author: Gerd Hoffmann Message-id: <20180409132736.24598-2-kraxel@redhat.com> Patchwork-id: 79513 O-Subject: [RHEL-7.5 qemu-kvm PATCH 1/2] vga: add ram_addr_t cast -Bugzilla: 1567913 +Bugzilla: 1553670 RH-Acked-by: Dr. David Alan Gilbert RH-Acked-by: Stefan Hajnoczi RH-Acked-by: John Snow diff --git a/SOURCES/kvm-vga-fix-region-calculation.patch b/SOURCES/kvm-vga-fix-region-calculation.patch index 099430e..bfe5614 100644 --- a/SOURCES/kvm-vga-fix-region-calculation.patch +++ b/SOURCES/kvm-vga-fix-region-calculation.patch @@ -1,13 +1,13 @@ -From 3ed3904f7411bd5896aebdfcc6fe202dbfc2eef6 Mon Sep 17 00:00:00 2001 +From e47337aa12a371cded61aefee052a808d32e0d64 Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Mon, 9 Apr 2018 13:27:36 +0200 -Subject: [PATCH 2/2] vga: fix region calculation +Subject: [PATCH 02/10] vga: fix region calculation RH-Author: Gerd Hoffmann Message-id: <20180409132736.24598-3-kraxel@redhat.com> Patchwork-id: 79512 O-Subject: [RHEL-7.5 qemu-kvm PATCH 2/2] vga: fix region calculation -Bugzilla: 1567913 +Bugzilla: 1553670 RH-Acked-by: Dr. David Alan Gilbert RH-Acked-by: Stefan Hajnoczi RH-Acked-by: John Snow diff --git a/SOURCES/kvm-x86-cpu-Enable-new-SSE-AVX-AVX512-cpu-features.patch b/SOURCES/kvm-x86-cpu-Enable-new-SSE-AVX-AVX512-cpu-features.patch new file mode 100644 index 0000000..32b1b61 --- /dev/null +++ b/SOURCES/kvm-x86-cpu-Enable-new-SSE-AVX-AVX512-cpu-features.patch 
@@ -0,0 +1,88 @@ +From 1d9d6bd6721a92ae161bd7a4e9de202691b90da0 Mon Sep 17 00:00:00 2001 +From: "plai@redhat.com" +Date: Tue, 8 May 2018 17:40:48 +0200 +Subject: [PATCH 01/17] x86/cpu: Enable new SSE/AVX/AVX512 cpu features + +RH-Author: plai@redhat.com +Message-id: <1525801248-24104-1-git-send-email-plai@redhat.com> +Patchwork-id: 80114 +O-Subject: [RHEL7.6 PATCH BZ 1513686] x86/cpu: Enable new SSE/AVX/AVX512 cpu features +Bugzilla: 1513686 +RH-Acked-by: Eduardo Habkost +RH-Acked-by: Igor Mammedov +RH-Acked-by: Radim Krcmar + +From: Yang Zhong + +Intel OTC Virt tested. + +Intel IceLake cpu has added new cpu features,AVX512_VBMI2/GFNI/ +VAES/VPCLMULQDQ/AVX512_VNNI/AVX512_BITALG. Those new cpu features +need expose to guest VM. + +The bit definition: +CPUID.(EAX=7,ECX=0):ECX[bit 06] AVX512_VBMI2 +CPUID.(EAX=7,ECX=0):ECX[bit 08] GFNI +CPUID.(EAX=7,ECX=0):ECX[bit 09] VAES +CPUID.(EAX=7,ECX=0):ECX[bit 10] VPCLMULQDQ +CPUID.(EAX=7,ECX=0):ECX[bit 11] AVX512_VNNI +CPUID.(EAX=7,ECX=0):ECX[bit 12] AVX512_BITALG + +The release document ref below link: +https://software.intel.com/sites/default/files/managed/c5/15/\ +architecture-instruction-set-extensions-programming-reference.pdf + +Signed-off-by: Yang Zhong +Message-Id: <1511335676-20797-1-git-send-email-yang.zhong@intel.com> +Signed-off-by: Paolo Bonzini +(cherry picked from commit aff9e6e46a343e1404498be4edd03db1112f0950) +Signed-off-by: Paul Lai + +Resolved Conflicts: + target/i386/cpu.c + target/i386/cpu.h + changes applied to target-i386/cpu.{c,h} + +Signed-off-by: Miroslav Rezanina +--- + target-i386/cpu.c | 6 +++--- + target-i386/cpu.h | 6 ++++++ + 2 files changed, 9 insertions(+), 3 deletions(-) + +diff --git a/target-i386/cpu.c b/target-i386/cpu.c +index 539c202..48a5507 100644 +--- a/target-i386/cpu.c ++++ b/target-i386/cpu.c +@@ -156,9 +156,9 @@ static const char *cpuid_7_0_ebx_feature_name[] = { + + static const char *cpuid_7_0_ecx_feature_name[] = { + NULL, "avx512vbmi", NULL, "pku", +- "ospke", NULL, NULL, 
NULL, +- NULL, NULL, NULL, NULL, +- NULL, NULL, "avx512-vpopcntdq", NULL, ++ "ospke", NULL, "avx512vbmi2", NULL, ++ "gfni", "vaes", "vpclmulqdq", "avx512vnni", ++ "avx512bitalg", NULL, "avx512-vpopcntdq", NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, +diff --git a/target-i386/cpu.h b/target-i386/cpu.h +index da84443..a781639 100644 +--- a/target-i386/cpu.h ++++ b/target-i386/cpu.h +@@ -584,6 +584,12 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS]; + #define CPUID_7_0_ECX_UMIP (1U << 2) + #define CPUID_7_0_ECX_PKU (1U << 3) + #define CPUID_7_0_ECX_OSPKE (1U << 4) ++#define CPUID_7_0_ECX_VBMI2 (1U << 6) /* Additional VBMI Instrs */ ++#define CPUID_7_0_ECX_GFNI (1U << 8) ++#define CPUID_7_0_ECX_VAES (1U << 9) ++#define CPUID_7_0_ECX_VPCLMULQDQ (1U << 10) ++#define CPUID_7_0_ECX_AVX512VNNI (1U << 11) ++#define CPUID_7_0_ECX_AVX512BITALG (1U << 12) + #define CPUID_7_0_ECX_AVX512_VPOPCNTDQ (1U << 14) /* POPCNT for vectors of DW/QW */ + #define CPUID_7_0_ECX_RDPID (1U << 22) + +-- +1.8.3.1 + diff --git a/SOURCES/kvm-x86-lapic-Load-LAPIC-state-at-post_load.patch b/SOURCES/kvm-x86-lapic-Load-LAPIC-state-at-post_load.patch index c39f91b..e310843 100644 --- a/SOURCES/kvm-x86-lapic-Load-LAPIC-state-at-post_load.patch +++ b/SOURCES/kvm-x86-lapic-Load-LAPIC-state-at-post_load.patch @@ -1,23 +1,13 @@ -From 0076f45c587331bb0b49a6b643377d8522789456 Mon Sep 17 00:00:00 2001 -From: "Dr. David Alan Gilbert" -Date: Thu, 28 Jun 2018 17:57:08 +0200 -Subject: [PATCH 3/5] x86/lapic: Load LAPIC state at post_load - -RH-Author: Dr. David Alan Gilbert -Message-id: <20180628175710.56848-4-dgilbert@redhat.com> -Patchwork-id: 81143 -O-Subject: [RHEL-7.5.z/RHEL-7.4.z/RHEL-7.3.z qemu-kvm PATCH 3/5] x86/lapic: Load LAPIC state at post_load -Bugzilla: 1596302 -RH-Acked-by: Paolo Bonzini -RH-Acked-by: Laurent Vivier -RH-Acked-by: Michael S. Tsirkin - +From f0254b84d490273e922d04b01a7b48f0ac370185 Mon Sep 17 00:00:00 2001 
From: "Dr. David Alan Gilbert" +Date: Tue, 15 May 2018 11:56:32 +0200 +Subject: [PATCH 06/10] x86/lapic: Load LAPIC state at post_load RH-Author: Dr. David Alan Gilbert Message-id: <20180515115634.24469-4-dgilbert@redhat.com> Patchwork-id: 80273 O-Subject: [RHEL-7.6 qemu-kvm PATCH v2 3/5] x86/lapic: Load LAPIC state at post_load +Bugzilla: 1577680 RH-Acked-by: Paolo Bonzini RH-Acked-by: Michael S. Tsirkin RH-Acked-by: Eduardo Habkost @@ -39,8 +29,6 @@ Suggested-by: Paolo Bonzini Signed-off-by: Paolo Bonzini (cherry picked from commit 78d6a05d2f69cbfa6e95f0a4a24a2c934969913b) Signed-off-by: Miroslav Rezanina -(cherry picked from commit f0254b84d490273e922d04b01a7b48f0ac370185) -Signed-off-by: Miroslav Rezanina --- hw/i386/kvm/apic.c | 27 ++++++++++++++++++++++++--- include/sysemu/kvm.h | 1 - @@ -120,10 +108,10 @@ index 0c6833f..49cfc42 100644 struct kvm_guest_debug; diff --git a/target-i386/kvm.c b/target-i386/kvm.c -index 8544e52..1658621 100644 +index 6f3424e..71f1573 100644 --- a/target-i386/kvm.c +++ b/target-i386/kvm.c -@@ -1876,20 +1876,6 @@ static int kvm_get_apic(X86CPU *cpu) +@@ -1863,20 +1863,6 @@ static int kvm_get_apic(X86CPU *cpu) return 0; } @@ -144,7 +132,7 @@ index 8544e52..1658621 100644 static int kvm_put_vcpu_events(X86CPU *cpu, int level) { CPUX86State *env = &cpu->env; -@@ -2071,10 +2057,6 @@ int kvm_arch_put_registers(CPUState *cpu, int level) +@@ -2058,10 +2044,6 @@ int kvm_arch_put_registers(CPUState *cpu, int level) if (ret < 0) { return ret; } diff --git a/SPECS/qemu-kvm.spec b/SPECS/qemu-kvm.spec index 384543a..007479a 100644 --- a/SPECS/qemu-kvm.spec +++ b/SPECS/qemu-kvm.spec 
@@ -76,10 +76,10 @@ Obsoletes: %1 < %{obsoletes_version} \ Summary: QEMU is a machine emulator and virtualizer Name: %{pkgname}%{?pkgsuffix} Version: 1.5.3 -Release: 156%{?dist}.5 +Release: 160%{?dist} # Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped Epoch: 10 -License: GPLv2+ and LGPLv2+ and BSD +License: GPLv2 and GPLv2+ and CC-BY Group: Development/Tools URL: http://www.qemu.org/ ExclusiveArch: x86_64 
@@ -3865,42 +3865,80 @@ Patch1903: kvm-ui-avoid-sign-extension-using-client-width-height.patch Patch1904: kvm-ui-correctly-advance-output-buffer-when-writing-SASL.patch # For bz#1518711 - CVE-2017-15268 qemu-kvm: Qemu: I/O: potential memory exhaustion via websock connection to VNC [rhel-7.5] Patch1905: kvm-io-skip-updates-to-client-if-websocket-output-buffer.patch -# For bz#1567913 - CVE-2018-7858 qemu-kvm: Qemu: cirrus: OOB access when updating vga display [rhel-7] [rhel-7.5.z] +# For bz#1553670 - CVE-2018-7858 qemu-kvm: Qemu: cirrus: OOB access when updating vga display [rhel-7] Patch1906: kvm-vga-add-ram_addr_t-cast.patch -# For bz#1567913 - CVE-2018-7858 qemu-kvm: Qemu: cirrus: OOB access when updating vga display [rhel-7] [rhel-7.5.z] +# For bz#1553670 - CVE-2018-7858 qemu-kvm: Qemu: cirrus: OOB access when updating vga display [rhel-7] Patch1907: kvm-vga-fix-region-calculation.patch -# For bz#1574075 - EMBARGOED CVE-2018-3639 qemu-kvm: Kernel: omega-4 [rhel-7.5.z] +# For bz#1574082 - CVE-2018-3639 qemu-kvm: hw: cpu: speculative store bypass [rhel-7.6] Patch1908: kvm-i386-define-the-ssbd-CPUID-feature-bit-CVE-2018-3639.patch -# For bz#1584363 - CVE-2018-3639 qemu-kvm: hw: cpu: AMD: speculative store bypass [rhel-7.5.z] -Patch1909: kvm-i386-Define-the-Virt-SSBD-MSR-and-handling-of-it-CVE.patch -# For bz#1584363 - CVE-2018-3639 qemu-kvm: hw: cpu: AMD: speculative store bypass [rhel-7.5.z] -Patch1910: kvm-i386-define-the-AMD-virt-ssbd-CPUID-feature-bit-CVE-.patch -# For bz#1596302 - Windows 2012 Guest hangs after live migration with RTC clock stopped. [rhel-7.5.z] -Patch1911: kvm-target-i386-introduce-kvm_put_one_msr.patch -# For bz#1596302 - Windows 2012 Guest hangs after live migration with RTC clock stopped. [rhel-7.5.z] -Patch1912: kvm-apic-fix-2.2-2.1-migration.patch -# For bz#1596302 - Windows 2012 Guest hangs after live migration with RTC clock stopped. 
[rhel-7.5.z] -Patch1913: kvm-x86-lapic-Load-LAPIC-state-at-post_load.patch -# For bz#1596302 - Windows 2012 Guest hangs after live migration with RTC clock stopped. [rhel-7.5.z] -Patch1914: kvm-apic-drop-debugging.patch -# For bz#1596302 - Windows 2012 Guest hangs after live migration with RTC clock stopped. [rhel-7.5.z] -Patch1915: kvm-apic-set-APIC-base-as-part-of-kvm_apic_put.patch -# For bz#1549824 - CVE-2018-7550 qemu-kvm: Qemu: i386: multiboot OOB access while loading kernel image [rhel-7.5.z] -Patch1916: kvm-multiboot-bss_end_addr-can-be-zero.patch -# For bz#1549824 - CVE-2018-7550 qemu-kvm: Qemu: i386: multiboot OOB access while loading kernel image [rhel-7.5.z] -Patch1917: kvm-multiboot-Remove-unused-variables-from-multiboot.c.patch -# For bz#1549824 - CVE-2018-7550 qemu-kvm: Qemu: i386: multiboot OOB access while loading kernel image [rhel-7.5.z] -Patch1918: kvm-multiboot-Use-header-names-when-displaying-fields.patch -# For bz#1549824 - CVE-2018-7550 qemu-kvm: Qemu: i386: multiboot OOB access while loading kernel image [rhel-7.5.z] -Patch1919: kvm-multiboot-fprintf-stderr.-error_report.patch -# For bz#1549824 - CVE-2018-7550 qemu-kvm: Qemu: i386: multiboot OOB access while loading kernel image [rhel-7.5.z] -Patch1920: kvm-multiboot-Reject-kernels-exceeding-the-address-space.patch -# For bz#1549824 - CVE-2018-7550 qemu-kvm: Qemu: i386: multiboot OOB access while loading kernel image [rhel-7.5.z] -Patch1921: kvm-multiboot-Check-validity-of-mh_header_addr.patch -# For bz#1586248 - CVE-2018-11806 qemu-kvm: QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams [rhel-7.5.z] -Patch1922: kvm-slirp-remove-mbuf-m_hdr-m_dat-indirection.patch -# For bz#1586248 - CVE-2018-11806 qemu-kvm: QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams [rhel-7.5.z] -Patch1923: kvm-slirp-correct-size-computation-while-concatenating-m.patch +# For bz#1577680 - Windows 2012 Guest hangs after live migration with RTC clock stopped. 
+Patch1909: kvm-target-i386-introduce-kvm_put_one_msr.patch +# For bz#1577680 - Windows 2012 Guest hangs after live migration with RTC clock stopped. +Patch1910: kvm-apic-fix-2.2-2.1-migration.patch +# For bz#1577680 - Windows 2012 Guest hangs after live migration with RTC clock stopped. +Patch1911: kvm-x86-lapic-Load-LAPIC-state-at-post_load.patch +# For bz#1577680 - Windows 2012 Guest hangs after live migration with RTC clock stopped. +Patch1912: kvm-apic-drop-debugging.patch +# For bz#1577680 - Windows 2012 Guest hangs after live migration with RTC clock stopped. +Patch1913: kvm-apic-set-APIC-base-as-part-of-kvm_apic_put.patch +# For bz#1513686 - [Intel 7.6 Feat] qemu-kvm Enabling Icelake new NIs +Patch1914: kvm-x86-cpu-Enable-new-SSE-AVX-AVX512-cpu-features.patch +# For bz#1526638 - [Intel 7.6 FEAT] KVM User Mode Instruction Prevention (UMIP) - qemu-kvm +Patch1915: kvm-target-i386-Add-support-for-UMIP-and-RDPID-CPUID-bit.patch +# For bz#1584583 - CVE-2018-3639 qemu-kvm: hw: cpu: speculative store bypass [rhel-7.6] +Patch1916: kvm-i386-Define-the-Virt-SSBD-MSR-and-handling-of-it-CVE.patch +# For bz#1584583 - CVE-2018-3639 qemu-kvm: hw: cpu: speculative store bypass [rhel-7.6] +Patch1917: kvm-i386-define-the-AMD-virt-ssbd-CPUID-feature-bit-CVE-.patch +# For bz#1527122 - The copied flag should be updated during '-r leaks' +Patch1918: kvm-qcow2-Repair-OFLAG_COPIED-when-fixing-leaks.patch +# For bz#1527122 - The copied flag should be updated during '-r leaks' +Patch1919: kvm-iotests-Repairing-error-during-snapshot-deletion.patch +# For bz#1555246 - [RFE] Support console VNC on Nvidia vGPU - qemu +Patch1920: kvm-headers-add-drm_fourcc.h.patch +# For bz#1555246 - [RFE] Support console VNC on Nvidia vGPU - qemu +Patch1921: kvm-spice-fix-simple-display-on-bigendian-hosts.patch +# For bz#1555246 - [RFE] Support console VNC on Nvidia vGPU - qemu +Patch1922: kvm-ui-pixman-add-qemu_drm_format_to_pixman.patch +# For bz#1555246 - [RFE] Support console VNC on Nvidia vGPU - 
qemu +Patch1923: kvm-console-nicer-initial-screen.patch +# For bz#1555246 - [RFE] Support console VNC on Nvidia vGPU - qemu +Patch1924: kvm-console-minimal-hotplug-suport.patch +# For bz#1555246 - [RFE] Support console VNC on Nvidia vGPU - qemu +Patch1925: kvm-vfio-common-cleanup-in-vfio_region_finalize.patch +# For bz#1555246 - [RFE] Support console VNC on Nvidia vGPU - qemu +Patch1926: kvm-linux-headers-Update-to-include-region-based-display.patch +# For bz#1555246 - [RFE] Support console VNC on Nvidia vGPU - qemu +Patch1927: kvm-qdev-New-DEFINE_PROP_ON_OFF_AUTO.patch +# For bz#1555246 - [RFE] Support console VNC on Nvidia vGPU - qemu +Patch1928: kvm-vfio-display-core-wireup.patch +# For bz#1555246 - [RFE] Support console VNC on Nvidia vGPU - qemu +Patch1929: kvm-vfio-display-adding-region-support.patch +# For bz#1555246 - [RFE] Support console VNC on Nvidia vGPU - qemu +Patch1930: kvm-vfio-pci-Default-display-option-to-off.patch +# For bz#1549822 - CVE-2018-7550 qemu-kvm: Qemu: i386: multiboot OOB access while loading kernel image [rhel-7.6] +Patch1931: kvm-multiboot-bss_end_addr-can-be-zero.patch +# For bz#1549822 - CVE-2018-7550 qemu-kvm: Qemu: i386: multiboot OOB access while loading kernel image [rhel-7.6] +Patch1932: kvm-multiboot-Remove-unused-variables-from-multiboot.c.patch +# For bz#1549822 - CVE-2018-7550 qemu-kvm: Qemu: i386: multiboot OOB access while loading kernel image [rhel-7.6] +Patch1933: kvm-multiboot-Use-header-names-when-displaying-fields.patch +# For bz#1549822 - CVE-2018-7550 qemu-kvm: Qemu: i386: multiboot OOB access while loading kernel image [rhel-7.6] +Patch1934: kvm-multiboot-fprintf-stderr.-error_report.patch +# For bz#1549822 - CVE-2018-7550 qemu-kvm: Qemu: i386: multiboot OOB access while loading kernel image [rhel-7.6] +Patch1935: kvm-multiboot-Reject-kernels-exceeding-the-address-space.patch +# For bz#1549822 - CVE-2018-7550 qemu-kvm: Qemu: i386: multiboot OOB access while loading kernel image [rhel-7.6] +Patch1936: 
kvm-multiboot-Check-validity-of-mh_header_addr.patch +# For bz#1586253 - CVE-2018-11806 qemu-kvm: QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams [rhel-7.6] +Patch1937: kvm-slirp-remove-mbuf-m_hdr-m_dat-indirection.patch +# For bz#1586253 - CVE-2018-11806 qemu-kvm: QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams [rhel-7.6] +Patch1938: kvm-slirp-correct-size-computation-while-concatenating-m.patch +# For bz#1583807 - [DELL EMC 7.6 FEAT] option to mark virtual block device as rotational/non-rotational +Patch1939: kvm-scsi-disk-support-reporting-of-rotation-rate.patch +# For bz#1583807 - [DELL EMC 7.6 FEAT] option to mark virtual block device as rotational/non-rotational +Patch1940: kvm-ide-support-reporting-of-rotation-rate.patch +# For bz#1583807 - [DELL EMC 7.6 FEAT] option to mark virtual block device as rotational/non-rotational +Patch1941: kvm-ide-avoid-referencing-NULL-dev-in-rotational-rate-se.patch +# For bz#1586253 - CVE-2018-11806 qemu-kvm: QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams [rhel-7.6] +Patch1942: kvm-slirp-Correct-size-check-in-m_inc.patch BuildRequires: zlib-devel @@ -6002,6 +6040,25 @@ tar -xf %{SOURCE21} %patch1921 -p1 %patch1922 -p1 %patch1923 -p1 +%patch1924 -p1 +%patch1925 -p1 +%patch1926 -p1 +%patch1927 -p1 +%patch1928 -p1 +%patch1929 -p1 +%patch1930 -p1 +%patch1931 -p1 +%patch1932 -p1 +%patch1933 -p1 +%patch1934 -p1 +%patch1935 -p1 +%patch1936 -p1 +%patch1937 -p1 +%patch1938 -p1 +%patch1939 -p1 +%patch1940 -p1 +%patch1941 -p1 +%patch1942 -p1 %build buildarch="%{kvm_target}-softmmu" 
@@ -6011,11 +6068,11 @@ extraldflags="-Wl,--build-id"; buildldflags="VL_LDFLAGS=-Wl,--build-id" # QEMU already knows how to set _FORTIFY_SOURCE -%global optflags %(echo %{optflags} | sed 's/-Wp,-D_FORTIFY_SOURCE=2//') +%global qemuoptflags %(echo %{optflags} | sed 's/-Wp,-D_FORTIFY_SOURCE=2//') %ifarch s390 # drop -g flag to prevent memory exhaustion by linker - %global optflags %(echo %{optflags} | sed 's/-g//') + %global qemuoptflags %(echo %{qemuoptflags} | sed 's/-g//') sed -i.debug 's/"-g $CFLAGS"/"$CFLAGS"/g' configure %endif @@ -6034,7 +6091,7 @@ dobuild() { --disable-strip \ --disable-qom-cast-debug \ --extra-ldflags="$extraldflags -pie -Wl,-z,relro -Wl,-z,now" \ - --extra-cflags="%{optflags} -fPIE -DPIE" \ + --extra-cflags="%{qemuoptflags} -fPIE -DPIE" \ --enable-trace-backend=dtrace \ --enable-werror \ --disable-xen \ @@ -6130,7 +6187,7 @@ dobuild --target-list="$buildarch" cp -a %{kvm_target}-softmmu/qemu-system-%{kvm_target} qemu-kvm - gcc %{SOURCE6} -O2 -g -o ksmctl + gcc %{SOURCE6} $RPM_OPT_FLAGS $RPM_LD_FLAGS -o ksmctl %endif %install 
@@ -6447,45 +6504,80 @@ sh %{_sysconfdir}/sysconfig/modules/kvm.modules &> /dev/null || : %{_mandir}/man8/qemu-nbd.8* %changelog -* Wed Aug 01 2018 Miroslav Rezanina - 1.5.3-156.el7_5.5 -- kvm-multiboot-bss_end_addr-can-be-zero.patch [bz#1549824] -- kvm-multiboot-Remove-unused-variables-from-multiboot.c.patch [bz#1549824] -- kvm-multiboot-Use-header-names-when-displaying-fields.patch [bz#1549824] -- kvm-multiboot-fprintf-stderr.-error_report.patch [bz#1549824] -- kvm-multiboot-Reject-kernels-exceeding-the-address-space.patch [bz#1549824] -- kvm-multiboot-Check-validity-of-mh_header_addr.patch [bz#1549824] -- kvm-slirp-remove-mbuf-m_hdr-m_dat-indirection.patch [bz#1586248] -- kvm-slirp-correct-size-computation-while-concatenating-m.patch [bz#1586248] -- Resolves: bz#1549824 - (CVE-2018-7550 qemu-kvm: Qemu: i386: multiboot OOB access while loading kernel image [rhel-7.5.z]) -- Resolves: bz#1586248 - (CVE-2018-11806 qemu-kvm: QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams [rhel-7.5.z]) - -* Mon Jul 23 2018 Miroslav Rezanina - 1.5.3-156.el7_5.4 -- kvm-target-i386-introduce-kvm_put_one_msr.patch [bz#1596302] -- kvm-apic-fix-2.2-2.1-migration.patch [bz#1596302] -- kvm-x86-lapic-Load-LAPIC-state-at-post_load.patch [bz#1596302] -- kvm-apic-drop-debugging.patch [bz#1596302] -- kvm-apic-set-APIC-base-as-part-of-kvm_apic_put.patch [bz#1596302] -- Resolves: bz#1596302 - (Windows 2012 Guest hangs after live migration with RTC clock stopped. 
[rhel-7.5.z]) - -* Fri Jun 08 2018 Miroslav Rezanina - 1.5.3-156.el7_5.3 -- kvm-i386-Define-the-Virt-SSBD-MSR-and-handling-of-it-CVE.patch [bz#1584363] -- kvm-i386-define-the-AMD-virt-ssbd-CPUID-feature-bit-CVE-.patch [bz#1584363] -- Resolves: bz#1584363 - (CVE-2018-3639 qemu-kvm: hw: cpu: AMD: speculative store bypass [rhel-7.5.z]) - -* Fri May 11 2018 Miroslav Rezanina - 1.5.3-156.el7_5.2 -- kvm-i386-define-the-ssbd-CPUID-feature-bit-CVE-2018-3639.patch [bz#1574075] -- Resolves: bz#1574075 - (EMBARGOED CVE-2018-3639 qemu-kvm: Kernel: omega-4 [rhel-7.5.z]) - -* Mon Apr 16 2018 Miroslav Rezanina - 1.5.3-156.el7_5.1 -- kvm-vga-add-ram_addr_t-cast.patch [bz#1567913] -- kvm-vga-fix-region-calculation.patch [bz#1567913] -- Resolves: bz#1567913 - (CVE-2018-7858 qemu-kvm: Qemu: cirrus: OOB access when updating vga display [rhel-7] [rhel-7.5.z]) +* Mon Aug 20 2018 Miroslav Rezanina - 1.5.3-160.el7 +- kvm-scsi-disk-support-reporting-of-rotation-rate.patch [bz#1583807] +- kvm-ide-support-reporting-of-rotation-rate.patch [bz#1583807] +- kvm-ide-avoid-referencing-NULL-dev-in-rotational-rate-se.patch [bz#1583807] +- kvm-slirp-Correct-size-check-in-m_inc.patch [bz#1586253] +- Resolves: bz#1583807 + ([DELL EMC 7.6 FEAT] option to mark virtual block device as rotational/non-rotational) +- Resolves: bz#1586253 + (CVE-2018-11806 qemu-kvm: QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams [rhel-7.6]) + +* Wed Aug 01 2018 Miroslav Rezanina - 1.5.3-159.el7 +- kvm-multiboot-bss_end_addr-can-be-zero.patch [bz#1549822] +- kvm-multiboot-Remove-unused-variables-from-multiboot.c.patch [bz#1549822] +- kvm-multiboot-Use-header-names-when-displaying-fields.patch [bz#1549822] +- kvm-multiboot-fprintf-stderr.-error_report.patch [bz#1549822] +- kvm-multiboot-Reject-kernels-exceeding-the-address-space.patch [bz#1549822] +- kvm-multiboot-Check-validity-of-mh_header_addr.patch [bz#1549822] +- kvm-slirp-remove-mbuf-m_hdr-m_dat-indirection.patch [bz#1586253] +- 
kvm-slirp-correct-size-computation-while-concatenating-m.patch [bz#1586253] +- Resolves: bz#1549822 + (CVE-2018-7550 qemu-kvm: Qemu: i386: multiboot OOB access while loading kernel image [rhel-7.6]) +- Resolves: bz#1586253 + (CVE-2018-11806 qemu-kvm: QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams [rhel-7.6]) + +* Wed Jun 27 2018 Miroslav Rezanina - 1.5.3-158.el7 +- kvm-x86-cpu-Enable-new-SSE-AVX-AVX512-cpu-features.patch [bz#1513686] +- kvm-target-i386-Add-support-for-UMIP-and-RDPID-CPUID-bit.patch [bz#1526638] +- kvm-i386-Define-the-Virt-SSBD-MSR-and-handling-of-it-CVE.patch [bz#1584583] +- kvm-i386-define-the-AMD-virt-ssbd-CPUID-feature-bit-CVE-.patch [bz#1584583] +- kvm-qcow2-Repair-OFLAG_COPIED-when-fixing-leaks.patch [bz#1527122] +- kvm-iotests-Repairing-error-during-snapshot-deletion.patch [bz#1527122] +- kvm-headers-add-drm_fourcc.h.patch [bz#1555246] +- kvm-spice-fix-simple-display-on-bigendian-hosts.patch [bz#1555246] +- kvm-ui-pixman-add-qemu_drm_format_to_pixman.patch [bz#1555246] +- kvm-console-nicer-initial-screen.patch [bz#1555246] +- kvm-console-minimal-hotplug-suport.patch [bz#1555246] +- kvm-vfio-common-cleanup-in-vfio_region_finalize.patch [bz#1555246] +- kvm-linux-headers-Update-to-include-region-based-display.patch [bz#1555246] +- kvm-qdev-New-DEFINE_PROP_ON_OFF_AUTO.patch [bz#1555246] +- kvm-vfio-display-core-wireup.patch [bz#1555246] +- kvm-vfio-display-adding-region-support.patch [bz#1555246] +- kvm-vfio-pci-Default-display-option-to-off.patch [bz#1555246] +- Resolves: bz#1513686 + ([Intel 7.6 Feat] qemu-kvm Enabling Icelake new NIs) +- Resolves: bz#1526638 + ([Intel 7.6 FEAT] KVM User Mode Instruction Prevention (UMIP) - qemu-kvm) +- Resolves: bz#1527122 + (The copied flag should be updated during '-r leaks') +- Resolves: bz#1555246 + ([RFE] Support console VNC on Nvidia vGPU - qemu) +- Resolves: bz#1584583 + (CVE-2018-3639 qemu-kvm: hw: cpu: speculative store bypass [rhel-7.6]) + +* Thu Jun 07 2018 Miroslav 
Rezanina - 1.5.3-157.el7 +- kvm-vga-add-ram_addr_t-cast.patch [bz#1553670] +- kvm-vga-fix-region-calculation.patch [bz#1553670] +- kvm-i386-define-the-ssbd-CPUID-feature-bit-CVE-2018-3639.patch [bz#1574082] +- kvm-target-i386-introduce-kvm_put_one_msr.patch [bz#1577680] +- kvm-apic-fix-2.2-2.1-migration.patch [bz#1577680] +- kvm-x86-lapic-Load-LAPIC-state-at-post_load.patch [bz#1577680] +- kvm-apic-drop-debugging.patch [bz#1577680] +- kvm-apic-set-APIC-base-as-part-of-kvm_apic_put.patch [bz#1577680] +- kvm-spec-Change-License-line.patch [bz#1549108] +- kvm-spec-Use-hardening-flags-for-ksmctl-build.patch [bz#1558895] +- Resolves: bz#1549108 + (Incorrect License information in RPM specfile) +- Resolves: bz#1553670 + (CVE-2018-7858 qemu-kvm: Qemu: cirrus: OOB access when updating vga display [rhel-7]) +- Resolves: bz#1558895 + (ksmctl is built without any hardening flags set [rhel-7.6]) +- Resolves: bz#1574082 + (CVE-2018-3639 qemu-kvm: hw: cpu: speculative store bypass [rhel-7.6]) +- Resolves: bz#1577680 + (Windows 2012 Guest hangs after live migration with RTC clock stopped.) * Tue Feb 20 2018 Miroslav Rezanina - 1.5.3-156.el7 - kvm-vnc-Fix-qemu-crashed-when-vnc-client-disconnect-sudd.patch [bz#1527405]
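Review bot: in vfio_display_probe() (kvm-vfio-display-core-wireup.patch, hw/misc/vfio.c), the ret == 0 branch returns -1 before the ON_OFF_AUTO_AUTO check is reached, so with the ON_OFF_AUTO_AUTO default that this same patch sets in vfio_pci_dev_properties[], vfio_initfn() goes to out_teardown for any device whose VFIO_DEVICE_QUERY_GFX_PLANE probe succeeds. Until region support exists, that branch should fail only for an explicit display=on and return 0 in automatic mode, the way the fallthrough path already does. The probe also treats every ioctl failure alike; checking errno would separate "not supported" from a real error. The commit message body has lost its first letter ("nfrastructure").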
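Review bot: the one-line default change in vfio_pci_dev_properties[] (kvm-vfio-pci-Default-display-option-to-off.patch) means vfio_initfn() now skips vfio_display_probe() unless the user sets the property, but nothing in the hunk or the commit message tells users that the display support added for bz#1555246 must be requested explicitly. A sentence in the commit message or the property documentation naming the value to set would make the behaviour change visible to anyone upgrading from a build that carried the "auto" default.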
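Review bot: the new names in kvm-x86-cpu-Enable-new-SSE-AVX-AVX512-cpu-features.patch are inconsistent with their neighbours. In target-i386/cpu.h, CPUID_7_0_ECX_VBMI2 drops the AVX512 prefix that the feature string "avx512vbmi2" and the commit message (AVX512_VBMI2) carry, and CPUID_7_0_ECX_AVX512VNNI / CPUID_7_0_ECX_AVX512BITALG omit the underscore used by the existing CPUID_7_0_ECX_AVX512_VPOPCNTDQ. In cpuid_7_0_ecx_feature_name[], "avx512vnni" and "avx512bitalg" are unhyphenated next to "avx512-vpopcntdq". Only the VBMI2 define has a comment; the other five should get one too. The bit positions themselves (6, 8, 9, 10, 11, 12) match the table indices and the CPUID list in the commit message.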
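Review bot: in the SPECS/qemu-kvm.spec Patch list hunk, the CVE-2018-11806 fix is now spread over Patch1937, Patch1938 and Patch1942, with the unrelated rotation-rate patches (Patch1939 to Patch1941, bz#1583807) in between. A comment on Patch1942 saying it completes the slirp fix begun in 1937/1938 would help anyone auditing whether a given build carries the whole fix. Patch1909 to Patch1923 also keep their numbers while pointing at different files than before, so the unchanged %patch1909 to %patch1923 lines now apply different patches; that deserves a mention in the commit message.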
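Review bot: in the SPECS/qemu-kvm.spec %build hunks, the ksmctl line "gcc %{SOURCE6} $RPM_OPT_FLAGS $RPM_LD_FLAGS -o ksmctl" only gets _FORTIFY_SOURCE because the sed result now goes into qemuoptflags instead of overwriting optflags; that dependency is not stated anywhere, and the comment "QEMU already knows how to set _FORTIFY_SOURCE" should say that optflags is deliberately left intact for the other binaries. In the %ifarch s390 branch, sed 's/-g//' is unanchored and removes the first "-g" substring it finds, which can mangle a longer flag that merely starts with -g; since the spec declares ExclusiveArch: x86_64 the branch is never taken, so either drop it or match the flag as a whole word.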